
1155 matches found

CNNVD
added 2026/03/19 12:0 a.m. | 4 views

OpenClaw Path Traversal Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.23 had a path traversal vulnerability. This vulnerability stemmed from a path traversal issue in the experimental apply_patch tool, which could allow attackers with sandbox acces...

8.1 CVSS | 5.8 AI score | 0.00364 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/03/18 6:31 p.m. | 7 views

EUVD-2026-12835

OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply...

9.9 CVSS | 6.1 AI score | 0.0195 EPSS
Exploits: 0 | References: 14

CVE
added 2026/03/17 11:32 p.m. | 5 views

CVE-2026-4354

Summary of CVE-2026-4354: TRENDnet TEW-824DRU devices (firmware versions 1.010B01/1.04B01) are affected. The vulnerability resides in the Web Interface component, specifically the function sub_420A78 in apply_sec.cgi, where manipulating the Language argument enables cross-site scripting (XSS). T...

5.1 CVSS | 4.1 AI score | 0.00191 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/17 12:0 a.m. | 3 views

PT-2026-25964

A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78 of the file apply_sec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross-site scripting. It is possible to launch the attack remotely...

5.1 CVSS | 4 AI score | 0.00191 EPSS
Exploits: 0 | References: 9

Snyk
added 2026/03/16 6:12 p.m. | 4 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in the actionApplyOverrideSettings function. An attacker can execute arbitrary code by injecting malicious...

8.6 CVSS | 6.2 AI score | 0.00499 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2026/03/16 12:0 a.m. | 0 views

Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2026-1314)

The remote host is missing an update for the Huawei EulerOS...

5.5 CVSS | 6.1 AI score | 0.00136 EPSS
Exploits: 1 | References: 2

OSV
added 2026/03/11 2:16 p.m. | 3 views

CVE-2026-32060

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...

8.8 CVSS | 5.9 AI score
Exploits: 0 | References: 3

Cvelist
added 2026/03/11 1:32 p.m. | 27 views

CVE-2026-32060 OpenClaw < 2026.2.14 - Path Traversal in apply_patch via Crafted Paths

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...

8.8 CVSS | 0.00742 EPSS
Exploits: 0 | References: 3

CVE
added 2026/03/11 1:32 p.m. | 13 views

CVE-2026-32060

OpenClaw is affected: versions before 2026.2.14 contain a path traversal flaw in apply_patch when filesystem sandboxing is disabled. An attacker can craft paths (including absolute paths) to escape the configured workspace and modify or delete arbitrary files. Impact includes high risk to confide...

8.8 CVSS | 5.9 AI score | 0.00742 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/03/11 1:32 p.m. | 4 views

EUVD-2026-11150

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...

8.8 CVSS | 5.9 AI score | 0.00742 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/11 1:32 p.m. | 3 views

CVE-2026-32060

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...

8.8 CVSS | 5.9 AI score | 0.00742 EPSS
Exploits: 0 | References: 4

Github Security Blog
added 2026/03/10 6:31 p.m. | 87 views

Envoy's global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly

Summary: At the rate limit filter, if we enabled the response phase limit with applyonstreamdone in the rate limit configuration and the response phase limit request fails directly, it may crash Envoy. Details: When both the request phase limit and response phase limit are enabled, the safe gRPC...

7.5 CVSS | 5.8 AI score | 0.00315 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/03/10 6:18 p.m. | 1 views

CVE-2026-31793

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault due to invalid/wild pointer read in CIccCalculatorFunc::ApplySequence causing denial of service. This vulnerability is fixed in 2.3.1.5...

5.5 CVSS | 0.00152 EPSS
Exploits: 0 | References: 4

NVD
added 2026/03/10 6:18 p.m. | 1 views

CVE-2026-31795

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply corrupting stack memory or crash. This vulnerability is fixed in 2.3.1.5...

7.8 CVSS | 0.00173 EPSS
Exploits: 0 | References: 4

EUVD
added 2026/03/10 6:4 p.m. | 2 views

EUVD-2026-10738

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply corrupting stack memory or crash. This vulnerability is fixed in 2.3.1.5...

7.8 CVSS | 6.1 AI score | 0.00173 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2026/03/10 6:4 p.m. | 2 views

CVE-2026-31795 iccDEV has a stack buffer overflow write in CIccXform3DLut::Apply()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply corrupting stack memory or crash. This vulnerability is fixed in 2.3.1.5...

7.8 CVSS | 6.1 AI score | 0.00173 EPSS
Exploits: 0 | References: 4

Cvelist
added 2026/03/10 6:1 p.m. | 24 views

CVE-2026-31793 iccDEV has a SEGV in CIccCalculatorFunc::ApplySequence()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault due to invalid/wild pointer read in CIccCalculatorFunc::ApplySequence causing denial of service. This vulnerability is fixed in 2.3.1.5...

5.5 CVSS | 0.00152 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2026/03/10 6:1 p.m. | 3 views

CVE-2026-31793

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault due to invalid/wild pointer read in CIccCalculatorFunc::ApplySequence causing denial of service. This vulnerability is fixed in 2.3.1.5...

5.5 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2026/03/10 6:1 p.m. | 7 views

CVE-2026-31793

The CVE affects iccDEV libraries prior to 2.3.1.5, where a segmentation fault occurs due to an invalid/wild pointer read in CIccCalculatorFunc::ApplySequence(), leading to denial of service. Affected version range is before 2.3.1.5; the issue is fixed in 2.3.1.5. Impact is a crash (DoS) with loca...

5.5 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

ATTACKERKB
added 2026/03/10 5:53 p.m. | 2 views

CVE-2026-30984

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence causing an application crash. This vulnerability is fixed in 2.3.1.5...

6.1 CVSS | 5.8 AI score | 0.0015 EPSS
Exploits: 0 | References: 5 | Affected Software: 1