110 matches found
DEBIAN-CVE-2026-41149
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...
CVE-2026-41149
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...
CVE-2026-41149 Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...
CVE-2026-41148 Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...
CVE-2026-41148
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...
Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
Impact Under the default configuration, Mermaid state diagram's classDef allow DOM injection that escapes the SVG, although tags are removed, preventing XSS. Proof-of-concept stateDiagram-v2 classDef xss...
PT-2026-39885
Name of the Vulnerable Software and Affected Versions Mermaid versions prior to 10.9.6 Mermaid versions 11.0.0-alpha.1 through 11.14.0 Description Improper sanitization in the state diagram and other diagram types that route user-controlled style strings through the createCssStyles parser allows...
GHSA-M6RX-7PVW-2F73 OpenClaude: Sandbox Bypass via Early-Exit Logic Flaw Allows Path Traversal
A logic flaw exists in bashToolHasPermission inside src/tools/BashTool/bashPermissions.ts. When the sandbox auto-allow feature is active and no explicit deny rule is configured, the function returns an allow result immediately — before the path constraint filter checkPathConstraints is ever...
PT-2026-29051
Name of the Vulnerable Software and Affected Versions CrewAI affected versions not specified Description CrewAI does not adequately verify the continued operation of Docker during runtime. If Docker is not running, the software reverts to a sandbox configuration that permits Remote Code Execution...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the applypatch process. An attacker can gain unauthorized access to files or directories outside the intended workspace by exploiting insufficient enforcement ...
GHSA-H9XM-J4QG-FVPG OpenClaw: Experimental apply_patch may bypass workspace-only checks in opt-in sandbox mounts (off by default)
Summary In some opt-in sandbox configurations, the experimental applypatch tool did not consistently apply workspace-only checks to mounted paths for example /agent/.... Impact This does not affect default installs. Default posture: - agents.defaults.sandbox.mode=off sandbox disabled by default -...
Directory Traversal
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal in detectAndLoadPromptImages or loadImageFromRef. An attacker can access and load image data from out-of-workspace paths by referencing mounted paths in prompt text...
OpenClaw: Native prompt image auto-load did not honor tools.fs.workspaceOnly in sandboxed runs
Summary In sandboxed runs, native prompt image auto-load did not honor tools.fs.workspaceOnly=true. This optional hardening setting is not enabled by default. When operators enabled it, prompt text could still reference mounted out-of-workspace image paths for example /agent/secret.png and load...
PT-2026-26389
Summary In some opt-in sandbox configurations, the experimental apply patch tool did not consistently apply workspace-only checks to mounted paths for example /agent/.... Impact This does not affect default installs. Default posture: - agents.defaults.sandbox.mode=off sandbox disabled by default ...
GHSA-R5FQ-947M-XM57 OpenClaw has a path traversal in apply_patch could write/delete files outside the workspace
Summary In affected versions, when applypatch was enabled and the agent ran without filesystem sandbox containment, crafted paths could cause file writes/deletes outside the configured workspace directory. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14 Details The...
OpenClaw has a path traversal in apply_patch could write/delete files outside the workspace
Summary In affected versions, when applypatch was enabled and the agent ran without filesystem sandbox containment, crafted paths could cause file writes/deletes outside the configured workspace directory. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14 Details The...
GHSA-26GQ-GRMH-6XM6 Gogs vulnerable to Stored XSS via Mermaid diagrams
Summary Stored XSS via mermaid diagrams due to usage of vulnerable renderer library Details Gogs introduced support for rendering mermaid diagrams in version 0.13.0. Currently used version of the library mermaid 11.9.0 is vulnerable to at least two XSS scenarios with publicly available payloads...
Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user can execute arbitrary commands within the container context ...
GHSA-825G-MM5V-GGQ4 Apache Syncope allows malicious administrators to inject Groovy code
Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machine...
EUVD-2012-4859
Malware in sbrugna...