CVE-2026-32704

SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. Thi...

CVE-2026-33194

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded GHSA-h5vh-m7fg-w5h6, commit 9914fd1 but remains incomplete. Multiple security-relevant Linux directories are not blocke...

CVE-2026-32060

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in applypatch that allows attackers to write or delete files outside the configured workspace directory. When applypatch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...

CVE-2026-32055

OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check...

CVE-2026-32007

OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...

CVE-2026-26306

The installer for OM Workspace Windows Edition Ver 2.4 and earlier insecurely loads Dynamic Link Libraries DLLs, which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer...

Improper Restriction of Communication Channel to Intended Endpoints

Overview @grackle-ai/mcp is a MCP Model Context Protocol server for Grackle — translates MCP tool calls to ConnectRPC Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints in the knowledgesearch and knowledgegetnode MCP tools, whic...

@grackle-ai/mcp has a workspace authorization bypass in its knowledge_search MCP tool

Impact The knowledgesearch and knowledgegetnode MCP tools are included in SCOPEDTOOLS visible to scoped agents but their handlers do not receive authContext and do not enforce workspace scoping. A scoped agent in Workspace A can supply an arbitrary workspaceId parameter to search or retrieve...

GHSA-647H-P824-99W7 @grackle-ai/mcp has a workspace authorization bypass in its knowledge_search MCP tool

Impact The knowledgesearch and knowledgegetnode MCP tools are included in SCOPEDTOOLS visible to scoped agents but their handlers do not receive authContext and do not enforce workspace scoping. A scoped agent in Workspace A can supply an arbitrary workspaceId parameter to search or retrieve...

CVE-2026-26306

The installer for OM Workspace Windows Edition Ver 2.4 and earlier insecurely loads Dynamic Link Libraries DLLs, which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer...

CVE-2026-26306

The installer for OM Workspace Windows Edition Ver 2.4 and earlier insecurely loads Dynamic Link Libraries DLLs, which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer...

CVE-2026-26306

The installer for OM Workspace Windows Edition Ver 2.4 and earlier insecurely loads Dynamic Link Libraries DLLs, which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer...

CVE-2026-26306

The CVE-2026-26306 entry concerns the installer for OM Workspace (Windows Edition) versions 2.4 and earlier, which insecurely loads Dynamic Link Libraries (DLLs) during installation. The root cause is improper DLL loading, enabling an attacker to execute arbitrary code with the privileges of the ...

PT-2026-27641

Name of the Vulnerable Software and Affected Versions OM Workspace versions 2.4 and earlier Description The installer for OM Workspace Windows Edition insecurely loads Dynamic Link Libraries DLLs. This could allow an attacker to execute arbitrary code with the privileges of the user running the...

OM Workspace 代码问题漏洞

OM Workspace is a digital collaboration platform developed by the Japanese company OM. Versions of OM Workspace Windows Edition 2.4 and earlier contained code-related vulnerabilities. These vulnerabilities stemmed from the installer’s insecure loading of dynamic link libraries, which could allow...

ide-task-rce

⚡ IDE Folder-Open RCE: Automatic Task Execution Vulnerability...

Sensitive Information Exposure

github.com/coder/coder/v2 is vulnerable to Sensitive Information Exposure. The vulnerability is due to logging of Workspace Agent manifests containing sensitive values in plaintext without sanitization, which allows an attacker with access to logs to retrieve confidential information...

OpenClaw Backlink Vulnerability (CNVD-2026-14858)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability that can be exploited by an attacker to read arbitrary files outside the boundaries of the configuration workspace...

OpenClaw backlink vulnerability (CNVD-2026-14861)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability that can be exploited by an attacker to read and write files outside the agent's workspace, which in turn can be used to execute code via a file overwrite attack...

OpenClaw path traversal vulnerability (CNVD-2026-14848)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to read files outside of the workspace...