12170 matches found
CVE-2026-43531 OpenClaw < 2026.4.9 - Environment Variable Injection via Workspace .env File
OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise...
CVE-2026-43531
OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise...
EUVD-2026-27273
OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise...
CVE-2026-41680
A flaw was found in marked, a markdown parser and compiler. An unauthenticated attacker can exploit this Denial of Service (DoS) vulnerability by providing a specific 3-byte input sequence: a tab, a vertical tab, and a newline. This input triggers an infinite recursion loop during parsing, leading t...
CVE-2026-7823
creationtimestamp| type| source
---|---|---
2026-05-05 06:00:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3ml3j3upp6r26
2026-05-05 06:00:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116520440829606859
2026-05-05 07:06:14+00:00| seen|...
CVE-2025-13618
creationtimestamp| type| source
---|---|---
2026-05-05 04:31:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml3e4rhkvc2t
2026-05-05 05:37:58+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3ml3htlgwzg2f
2026-05-05 19:59:59+00:00| seen|...
CVE-2026-6700
The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the settingspagebuild function. This makes it possible for unauthenticated attackers to trick a logged-in...
CVE-2026-6700 DX Sources <= 2.0.1 - Cross-Site Request Forgery to Settings Update
The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the settingspagebuild function. This makes it possible for unauthenticated attackers to trick a logged-in...
CVE-2026-5722
creationtimestamp| type| source
---|---|---
2026-05-05 02:24:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml34zrwaps2n
2026-05-05 02:29:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml35d2qrq62t
2026-05-05 03:00:30+00:00| seen|...
PT-2026-36958
Name of the Vulnerable Software and Affected Versions: DX Sources versions prior to 2.0.2
Description: The DX Sources plugin for WordPress is subject to Cross-Site Request Forgery (CSRF), a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs due to missi...
PT-2026-37087
Name of the Vulnerable Software and Affected Versions: OpenCMS versions prior to 21
Description: The Admin Import DB feature is susceptible to XML External Entity (XXE), a flaw where an application processes XML input containing a reference to an external entity, potentially allowing unauthorized...
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities were caused by environment variable injection, allowing malicious workspace .env files to set runtime control...
CVE-2026-7791
creationtimestamp| type| source
---|---|---
2026-05-04 22:49:52+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2qzt3ddo26
2026-05-04 23:11:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml2samn7ly2p
2026-05-05 02:11:32+00:00| seen|...
CVE-2026-0073
creationtimestamp| type| source
---|---|---
2026-05-04 18:39:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml2d26f5kc2e
2026-05-04 20:00:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2hl2mb3f2f
2026-05-04 20:51:45+00:00| seen|...
CVE-2026-42087
creationtimestamp| type| source
---|---|---
2026-05-04 18:23:50+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2c63yso62r
2026-05-04 18:28:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml2cgemy2x2v
2026-05-08 23:07:07+00:00| seen|...
CVE-2026-33006
creationtimestamp| type| source
---|---|---
2026-05-04 17:18:53+00:00| seen| https://infosec.exchange/users/harrysintonen/statuses/116517446102524326
2026-05-04 17:53:59+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3ml2airgugo2h
2026-05-04 21:11:15+00:00| seen|...
CVE-2026-23918
creationtimestamp| type| source
---|---|---
2026-05-04 16:22:24+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml23ey76qf2z
2026-05-04 17:18:52+00:00| seen| https://infosec.exchange/users/harrysintonen/statuses/116517446102524326
2026-05-04 17:48:44+00:00| seen|...