160 matches found

Vulnrichment
added 11 hours ago | 3 views

CVE-2026-49190 Missing Per-Instruction Authorization Checks

The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions...

9.4 CVSS | 5.8 AI score
Exploits: 0 | References: 1

NVD
added last week | 5 views

CVE-2026-45023

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...

5.4 CVSS | 0.00065 EPSS
Exploits: 0 | References: 1

EUVD
added last week | 3 views

EUVD-2026-33072

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...

5.4 CVSS | 5.9 AI score | 0.00065 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/04 6:27 p.m. | 2 views

CVE-2026-42228

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated...

6.3 CVSS | 6 AI score | 0.00082 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2026/05/04 12:0 a.m. | 6 views

n8n Security Vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the /chat WebSocket endpoint in the Chat Trigger node’s Hosted Chat feature, which did not verify...

6.5 CVSS | 6.1 AI score | 0.00082 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 2026/04/20 11:8 p.m. | 2 views

CVE-2026-41303

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending hos...

8.8 CVSS | 6 AI score | 0.00079 EPSS
Exploits: 1 | References: 3

Snyk
added 2026/04/16 1:34 a.m. | 2 views

Code Execution

Overview: renovate is a dependency updater. Affected versions of this package are vulnerable to Code Execution in the via lockfile maintenance in bazel-module/lockfile.ts, used by bazel-module and bazelisk. An attacker can execute arbitrary code by introducing a malicious dependency that is...

6.8 CVSS | 6.2 AI score
Exploits: 0 | References: 2

Github Security Blog
added 2026/04/16 1:34 a.m. | 3 views

Renovate affected by remote code execution was possible using the bazel-module or bazelisk managers, when using lockFileMaintenance

When using lockFileMaintenance using the bazel-module or bazelisk managers between Renovate 43.65.0 (2026-03-12) and 43.102.11 (2026-04-02), there was the opportunity for remote code execution from a malicious dependency, if the Bazel module executes code that relies on a dependency. As this is an...

6.4 AI score
Exploits: 0 | References: 3 | Affected Software: 1

Snyk
added 2026/03/31 11:52 p.m. | 3 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the approve command in Discord integration. An attacker can gain unauthorized approval of pending host executions by issuing the command without being included...

8.8 CVSS | 5.9 AI score | 0.00079 EPSS
Exploits: 1 | References: 2

Github Security Blog
added 2026/03/31 11:52 p.m. | 12 views

OpenClaw: Discord text `/approve` bypasses `channels.discord.execApprovals.approvers` and allows non-approvers to resolve pending exec approvals

Summary Discord text approval commands resolved pending exec approvals without honoring the configured approver allowlist. Impact A Discord user who was allowed to send commands but was not in the approver list could still approve pending host execution. Affected Component...

8.8 CVSS | 5.9 AI score | 0.00079 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2026/03/26 12:0 a.m. | 8 views

SolarWinds Observability Self-Hosted Cross-Site Scripting Vulnerability

SolarWinds Observability Self-Hosted is an observability platform developed by the American company SolarWinds. SolarWinds Observability Self-Hosted has a cross-site scripting vulnerability, which stems from a storage-based cross-site scripting vulnerability. This vulnerability may lead to...

8.1 CVSS | 5.6 AI score | 0.00017 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/02 11:35 p.m. | 7 views

OpenClaw: Node system.run approval bypass via parent-symlink cwd rebind

Summary For host=node executions, approval context could be bypassed after approval-time by rebinding a writable parent symlink in cwd while preserving the visible cwd string. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.26 planned next npm release Impact A command...

6.9 CVSS | 6 AI score | 0.00028 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

Positive Technologies
added 2026/03/02 12:0 a.m. | 4 views

PT-2026-26019

Summary For host=node executions, approval context could be bypassed after approval-time by rebinding a writable parent symlink in cwd while preserving the visible cwd string. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.26 planned next npm release Impact A command...

8.7 CVSS | 5.9 AI score | 0.00028 EPSS
Exploits: 0 | References: 12

Tenable Nessus
added 2025/12/10 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-50650

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix reference state management for synchronous callbacks Currently, verifier verifies callback functions sync and async as if they will be executed once,...

5.9 AI score | 0.00028 EPSS
Exploits: 0 | References: 3

NVD
added 2025/12/09 1:16 a.m. | 2 views

CVE-2022-50650

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference state management for synchronous callbacks Currently, verifier verifies callback functions sync and async as if they will be executed once, i.e. it explores execution state as if the function was being called...

0.00028 EPSS
Exploits: 0 | References: 4

OSV
added 2025/12/09 1:16 a.m. | 0 views

UBUNTU-CVE-2022-50650

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference state management for synchronous callbacks Currently, verifier verifies callback functions sync and async as if they will be executed once, i.e. it explores execution state as if the function was being called...

5.9 AI score | 0.00028 EPSS
Exploits: 0 | References: 7

OSV
added 2025/12/09 12:0 a.m. | 2 views

CVE-2022-50650 bpf: Fix reference state management for synchronous callbacks

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference state management for synchronous callbacks Currently, verifier verifies callback functions sync and async as if they will be executed once, i.e. it explores execution state as if the function was being called...

6.4 AI score | 0.00028 EPSS
Exploits: 0 | References: 7

OSSF Malicious Packages
added 2025/11/24 10:45 p.m. | 5 views

Malicious code in blinqio-executions-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9e5a96fa18543da294b321a481fba9ad03884c6ca9387794f923c84892966be The package blinqio-executions-cli was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits: 0 | References: 4

OSV
added 2025/11/24 10:45 p.m. | 2 views

MAL-2025-191076 Malicious code in blinqio-executions-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9e5a96fa18543da294b321a481fba9ad03884c6ca9387794f923c84892966be The package blinqio-executions-cli was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0 | References: 4

EUVD
added 2025/11/24 10:45 p.m. | 2 views

EUVD-2025-199186

Malicious code in blinqio-executions-cli (npm)...

6.6 AI score
Exploits: 0 | References: 1