Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3995 matches found

Positive Technologies
Positive Technologiesadded 2026/05/03 12:0 a.m.5 views

PT-2026-36706

Name of the Vulnerable Software and Affected Versions toeverything AFFiNE versions prior to 0.26.4 Description An authorization bypass exists in the Public Markdown Preview Endpoint. A remote attacker can manipulate the allowDocPreview function within the '/workspace/:workspaceId/:docId' endpoint...

6.9CVSS6.1AI score0.00314EPSS
Exploits0References6
NVD
NVDadded 2026/04/30 10:16 p.m.1 views

CVE-2026-7551

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS0.00649EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/04/30 9:29 p.m.30 views

CVE-2026-7551 HKUDS OpenHarness Remote Command Execution via /bridge Slash Command

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS0.00649EPSS
Exploits1References3
EUVD
EUVDadded 2026/04/30 9:29 p.m.1 views

EUVD-2026-26451

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS6.7AI score0.00649EPSS
Exploits1References3
Snyk
Snykadded 2026/04/29 9:25 p.m.4 views

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the mirror mode process. An attacker can delete arbitrary remote directories by manipulating the remoteWorkspaceDir and remoteAgentWorkspaceDir configuration value...

8.1CVSS6.3AI score0.00371EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/04/29 8:48 p.m.2 views

CVE-2026-41911

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

6.5CVSS5.2AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:49 p.m.0 views

CVE-2026-7145

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

5.5CVSS5.4AI score0.00235EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/04/29 12:28 p.m.10 views

Security Bulletin: Security vulnerability has been detected in IBM Security Verify Governance Identity Manager Adapters

Summary IBM Security Verify Governance Identity Manager Adapters use jackson-core-2.12.0.jar, which is affected by vulnerability WS-2026-0003 Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000...

5.4AI score
Exploits0Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/28 8:11 p.m.2 views

CVE-2026-41649 Outline has IDOR in document share creation that allows unauthorized access to private documents across workspaces

Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...

7.7CVSS5.3AI score0.00293EPSS
Exploits1References3
CVE
CVEadded 2026/04/28 8:11 p.m.16 views

CVE-2026-41649

Outline's shares.create in versions up to 1.7.0 has an insecure direct object reference when both collectionId and documentId are supplied; authorization checks only the collection, enabling authenticated users to generate a public share link for any document (even in other workspaces) and access...

7.7CVSS5.3AI score0.00293EPSS
Exploits1References3Affected Software1
NVD
NVDadded 2026/04/28 7:37 p.m.4 views

CVE-2026-41911

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

6.5CVSS0.00326EPSS
Exploits0References3
NVD
NVDadded 2026/04/28 7:37 p.m.5 views

CVE-2026-41396

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAWBUNDLEDPLUGINSDIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory...

8.5CVSS0.00126EPSS
Exploits0References3
NVD
NVDadded 2026/04/28 7:37 p.m.2 views

CVE-2026-41384

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables...

8.5CVSS0.00143EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/28 6:10 p.m.2 views

CVE-2026-41911

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

6.5CVSS5.2AI score0.00326EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/04/28 6:10 p.m.27 views

CVE-2026-41911 OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

6.5CVSS0.00326EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/28 6:10 p.m.5 views

EUVD-2026-26117

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

6.5CVSS5.2AI score0.00326EPSS
Exploits0References3
CVE
CVEadded 2026/04/28 6:10 p.m.9 views

CVE-2026-41911

CVE-2026-41911 affects the OpenClaw project: OpenClaw prior to 2026.4.8 contains a filesystem policy bypass during docx upload processing that allows local file reads outside the workspace boundaries. Attackers can exploit the upload_file and upload_image endpoints to access files beyond the inte...

6.5CVSS5.3AI score0.00326EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/28 6:9 p.m.2 views

CVE-2026-41396 OpenClaw < 2026.3.31 - Environment Variable Override of Plugin Trust Root

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAWBUNDLEDPLUGINSDIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory...

8.5CVSS5.2AI score0.00126EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/04/28 6:9 p.m.24 views

CVE-2026-41396 OpenClaw < 2026.3.31 - Environment Variable Override of Plugin Trust Root

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAWBUNDLEDPLUGINSDIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory...

8.5CVSS0.00126EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/28 6:9 p.m.2 views

EUVD-2026-26104

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAWBUNDLEDPLUGINSDIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory...

8.5CVSS5.2AI score0.00126EPSS
Exploits0References3
Rows per page
Query Builder