2 matches found
EUVD-2026-28180
OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUAINIT, and HOSTALIASES. Attackers can exploit this by...
Server Side Request Forgery (SSRF)
ssrfcheck is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to an incomplete denylist that fails to classify the reserved multicast IP range 224.0.0.0/4 as invalid, which allows an attacker to craft requests targeting these multicast addresses...