CVE-2026-33574

OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to...

CVE-2026-33574 OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download

OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to...

CVE-2026-33574 OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download

OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to...

CVE-2026-33574

OpenClaw is affected before 2026.3.8 by a path traversal in the skills download installer. The root tools directory is validated lexically but the mutable path is reused during archive download and copy, allowing a local attacker to rebind the tools-root between validation and final write and red...

CVE-2026-33574

OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to...

CVE-2026-5023

A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...

[SECURITY] Fedora 43 Update: bind-9.18.47-1.fc43

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

PT-2026-28498

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.8 Description The software contains a path traversal issue in the skills download installer. The installer validates the tools root path but reuses a mutable path during archive download and copy operations...

OpenClaw 数据伪造问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a data forgery issue vulnerability that can be exploited by an attacker to inject forged Feishu events and trigger execution by downstream tools...

Exploit for Code Injection in Openwebui Open_Webui

CVE-2026-0766: OpenWebUI Remote Code Execution Educational...

[SECURITY] Fedora 44 Update: uv-0.11.2-1.fc44

An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...

EUVD-2026-16882

@mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools...

EUVD-2026-16878

Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries...

PT-2026-28507

Name of the Vulnerable Software and Affected Versions nanobot versions prior to 0.1.6 Description An indirect prompt injection exists in the email channel processing module nanobot/channels/email.py. This allows a remote, unauthenticated attacker to execute arbitrary Large Language Model LLM...

Clawed and Dangerous: Can We Trust Open Agentic Systems?

Open agentic systems combine LLM-based planning with external capabilities, persistent memory, and privileged execution. They are used in coding assistants, browser copilots, and enterprise automation. OpenClaw is a visible instance of this broader class. Without much attention yet, their securit...

LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write

Summary A vulnerability has been identified that allows an authenticated administrator to execute arbitrary code on the host server. By modifying the binary path settings for built-in network tools and bypassing an input filter, an attacker with administrative privileges can download and execute...

CVE-2026-22500

Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through = 1.1.2...

OPENSUSE-SU-2026:20437-1 Security update for net-tools

This update for net-tools fixes the following issues: - Fix stack buffer overflow in parsehex bsc1248687, GHSA-h667-qrp8-gj58. - Fix stack-based buffer overflow in procgenfmt bsc1248687, GHSA-w7jq-cmw2-cq59. - Avoid unsafe memcpy in ifconfig bsc1248687. - Prevent overflow in ax25 and netrom...

SUSE-SU-2026:20948-1 Security update for net-tools

This update for net-tools fixes the following issues: - Fix stack buffer overflow in parsehex bsc1248687, GHSA-h667-qrp8-gj58. - Fix stack-based buffer overflow in procgenfmt bsc1248687, GHSA-w7jq-cmw2-cq59. - Avoid unsafe memcpy in ifconfig bsc1248687. - Prevent overflow in ax25 and netrom...

CVE-2026-32035

OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can exploit this omission to access owner-only tools including gateway and cron functionality in...