
7626 matches found

Positive Technologies
added 2026/04/28 12:0 a.m. | 2 views

PT-2026-35775

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31. Description: Insufficient sanitization of the PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution contexts allows attackers to redirect Python package-index traffic. This can lead to the...

CVSS 6.1 | AI score 5.8 | EPSS 0.00018
Exploits 0 | References 6
CNNVD
added 2026/04/28 12:0 a.m. | 4 views

Red Hat OpenShift Container Platform code issue vulnerability

Red Hat OpenShift Container Platform is a platform developed by Red Hat Inc., which helps enterprises develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. There is a code vulnerability in Red Hat OpenShift Container Platform...

CVSS 4.3 | AI score 6 | EPSS 0.0003
Exploits 0 | References 1
Positive Technologies
added 2026/04/28 12:0 a.m. | 3 views

PT-2026-35797

OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GIT_DIR and related variables to redirect git operations and compromise repository integrity...

CVSS 5.8 | AI score 5.5 | EPSS 0.00018
Exploits 0 | References 6
Positive Technologies
added 2026/04/28 12:0 a.m. | 2 views

PT-2026-35805

OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence host exec commands an...

CVSS 5.8 | AI score 6.6 | EPSS 0.00036
Exploits 0 | References 6
Positive Technologies
added 2026/04/28 12:0 a.m. | 1 views

PT-2026-35756

NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandb...

CVSS 8.6 | AI score 5.4 | EPSS 0.00059
Exploits 0 | References 3
CNNVD
added 2026/04/28 12:0 a.m. | 5 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from the failure to remove git pipeline environment variables from the execution environment before performin...

CVSS 6.1 | AI score 5.9 | EPSS 0.00018
Exploits 0 | References 1
CNNVD
added 2026/04/28 12:0 a.m. | 4 views

NVIDIA NeMoClaw security vulnerability

NVIDIA NeMoClaw is a large-scale behavior constraint and security control framework developed by NVIDIA Corporation in the United States. NVIDIA NeMoClaw has a security vulnerability. This vulnerability stems from issues with the sandbox environment initialization components. It may allow remote...

CVSS 8.6 | AI score 5.8 | EPSS 0.00059
Exploits 0 | References 2
CNNVD
added 2026/04/28 12:0 a.m. | 6 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from issues with the jq security binary strategy, which allowed for environment variable leaks. This could...

CVSS 7.1 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 1
Positive Technologies
added 2026/04/28 12:0 a.m. | 1 views

PT-2026-35719

Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform, affected versions not specified. Description: A flaw in the build system allows a user with the edit ClusterRole to inject arbitrary environment variables, such as LD_PRELOAD or http_proxy, into docker-build...

CVSS 4.3 | AI score 5.9 | EPSS 0.0003
Exploits 0 | References 5
CNNVD
added 2026/04/28 12:0 a.m. | 6 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from the absence of blacklist entries for environment variables such as HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER,...

CVSS 5.8 | AI score 6.2 | EPSS 0.00036
Exploits 0 | References 1
Positive Technologies
added 2026/04/28 12:0 a.m. | 0 views

PT-2026-35758

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31. Description: An incomplete host-env-security-policy.json fails to restrict compiler binary environment variables. This allows untrusted models to substitute CC, CXX, CARGO_BUILD_RUSTC, and CMAKE_C_COMPILER...

CVSS 6.1 | AI score 6.2 | EPSS 0.00014
Exploits 0 | References 6
CNNVD
added 2026/04/28 12:0 a.m. | 7 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from insufficient cleanup of environment variables during host execution operations, which could allow...

CVSS 7.1 | AI score 5.9 | EPSS 0.00054
Exploits 0 | References 1
Vulnrichment
added 2026/04/27 11:24 p.m. | 2 views

CVE-2026-41369 OpenClaw < 2026.3.31 - Insufficient Environment Variable Sanitization in Host Execution

OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system...

CVSS 7.1 | AI score 5.5 | EPSS 0.00054
Exploits 0 | References 3
CVE
added 2026/04/27 11:24 p.m. | 14 views

CVE-2026-41369

OpenClaw prior to 2026.3.31 is affected by insufficient environment variable sanitization in host execution paths. The vulnerability concerns the sanitization of environment variables related to packages, registries, Docker, compilers, and TLS overrides, allowing an attacker to inject malicious v...

CVSS 7.1 | AI score 5.5 | EPSS 0.00054
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2026/04/27 11:24 p.m. | 31 views

CVE-2026-41369 OpenClaw < 2026.3.31 - Insufficient Environment Variable Sanitization in Host Execution

OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system...

CVSS 7.1 | EPSS 0.00054
Exploits 0 | References 3
ATTACKERKB
added 2026/04/27 11:24 p.m. | 2 views

CVE-2026-41369

OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system...

CVSS 7.1 | AI score 5.5 | EPSS 0.00054
Exploits 0 | References 4
EUVD
added 2026/04/27 11:24 p.m. | 3 views

EUVD-2026-25949

OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system...

CVSS 7.1 | AI score 5.5 | EPSS 0.00054
Exploits 0 | References 3
CVE
added 2026/04/27 11:24 p.m. | 9 views

CVE-2026-41368

CVE-2026-41368 affects OpenClaw prior to 2026.3.28. The issue is an environment variable disclosure via the jq safe-bin policy, where the $ENV filter is not blocked, allowing access to sensitive environment variables. Affected: OpenClaw versions before 2026.3.28. Impact: exposure of confidential ...

CVSS 7.1 | AI score 5.2 | EPSS 0.00042
Exploits 0 | References 2 | Affected Software 1
ATTACKERKB
added 2026/04/27 11:24 p.m. | 2 views

CVE-2026-41368

OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to block the $ENV filter. Attackers can bypass safe-bin restrictions by using $ENV in jq programs to access sensitive environment variables that should be restricted...

CVSS 7.1 | AI score 5.2 | EPSS 0.00042
Exploits 0 | References 3
EUVD
added 2026/04/27 11:24 p.m. | 2 views

EUVD-2026-25948

OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to block the $ENV filter. Attackers can bypass safe-bin restrictions by using $ENV in jq programs to access sensitive environment variables that should be restricted...

CVSS 7.1 | AI score 5.2 | EPSS 0.00042
Exploits 0 | References 2