CVE-2026-44992 OpenClaw 2026.4.5 through 2026.4.19 - MiniMax API Host Override via Workspace dotenv

OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAXAPIHOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers...

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...

PT-2021-22432 · Cachet · Cachet

Name of the Vulnerable Software and Affected Versions: Cachet versions prior to 2.5.1 Description: Cachet is an open source status page system. Authenticated users, regardless of their privileges, can leak the value of any configuration entry of the dotenv file, e.g. the application secret APP KE...