200 matches found
GHSA-7XHJ-55Q9-PC3M OpenClaw's hook transform module path allows traversal and arbitrary JavaScript module loading
Summary OpenClaw hook mapping transforms could be loaded via absolute paths or .. traversal, allowing arbitrary JavaScript module loading/execution in the gateway process when an attacker can modify hooks configuration. Affected Versions - Affected: = 2.0.0-beta3 and = 2026.2.13 - Fixed: 2026.2.1...
PT-2026-26011
Summary A path-confinement bypass in browser output handling allowed writes outside intended roots in openclaw versions up to and including 2026.3.1. The fix unifies root-bound, file-descriptor-verified write semantics and canonical path-boundary validation across browser output and related...
CVE-2025-67840
Multiple authenticated OS command injection vulnerabilities exist in the Cohesity formerly Stone Ram TranZman 4.0 Build 14614 through TZM1757588060SEP2025FULL.depot web application API endpoints including Scheduler and Actions pages. The appliance directly concatenates user-controlled parameters...
OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns
Summary A sandboxed session could use cross-agent sessionsspawn to create a child under an agent configured with sandbox.mode="off", downgrading runtime confinement. Impact In mixed-agent setups that allow cross-agent spawning, a sandboxed requester could escape into an unsandboxed child runtime...
Authorization bypass in Grafana datasource deletion
A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: The attacker must have admin access to the specific datasource prior to its first deletion...
OpenClaw has an arbitrary transcript path file write via gateway sessionFile
Summary In OpenClaw versions prior to 2026.2.12, the gateway accepted an untrusted sessionFile path when resolving the session transcript file. This could allow an authenticated gateway client to create and append OpenClaw session transcript records at an arbitrary path on the gateway host...
pnpm has symlink traversal in file:/git dependencies
Summary When pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd, /.ssh/idrsa causes pnpm to copy that file's contents...
PT-2026-25897
Name of the Vulnerable Software and Affected Versions Ubuntu 16.04 LTS affected versions not specified Ubuntu 18.04 LTS affected versions not specified Ubuntu 20.04 LTS versions prior to 2.67.1+20.04ubuntu1esm1 Ubuntu 22.04 LTS affected versions not specified Ubuntu 24.04 LTS versions prior to...
EUVD-2015-1475
Malware in sbrugna...
EUVD-2018-18305
Malware in sbrugna...
EUVD-2015-1474
Malware in sbrugna...
Unity Linux 20.1070e Security Update: libvirt (UTSA-2025-680656)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680656 advisory. A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for...
EUVD-2021-33996
Malicious code in bioql PyPI...
Cri-o: pods are able to break out of resource confinement on cgroupv2
...
Linux Distros Unpatched Vulnerability : CVE-2021-3631
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled...
Incorrect Permission Assignment For Critical Resource
github.com/snapcore/snapd is vulnerable to Incorrect Permission Assignment for Critical Resource. The vulnerability is due to the improper restriction of writes to the $HOME/bin path. An attacker can execute arbitrary scripts outside of the expected snap sandbox, potentially allowing them to esca...
snapd failed to restrict writes to the $HOME/bin path
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...
GHSA-4MH8-9689-38VR snapd failed to restrict writes to the $HOME/bin path
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...
CVE-2024-1724
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...
CVE-2024-1724 snapd allows $HOME/bin symlink
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...