89 matches found
CVE-2026-45001 OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access
OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, a...
GHSA-5R8F-96GM-5J6G OpenClaw Gateway `operator.write` can reach admin-only session reset via `chat.send` `/reset`
Summary: The chat.send path reused command authorization to trigger /reset session rotation even though direct session reset is an admin-only control-plane operation. Impact: A write-scoped gateway caller could rotate a target session, archive the prior transcript state, and force a new session id...
PT-2026-26394
Impact: The gateway agents.files.get and agents.files.set methods allowed symlink traversal for allowlisted workspace files. A symlinked allowlisted file, for example AGENTS.md, could resolve outside the agent workspace and be read/written by the gateway process. This could enable arbitrary host fil...
EUVD-2019-1111
Malware in sbrugna...
EUVD-2004-0192
Malware in sbrugna...
EUVD-2019-16088
Malware in sbrugna...
EUVD-2004-1748
Malware in sbrugna...
EUVD-2016-7074
Malware in sbrugna...
EUVD-2005-0818
Malware in sbrugna...
EUVD-2006-2342
Malware in sbrugna...
EUVD-2019-16090
Malware in sbrugna...
EUVD-2017-3204
Malware in sbrugna...
EUVD-2025-25751
Malicious code in bioql PyPI...
EUVD-2023-45549
Malicious code in bioql PyPI...
EUVD-2025-0174
Malicious code in bioql PyPI...
CVE-2025-52490
CVE-2025-52490 affects Couchbase Sync Gateway versions prior to 3.2.6. The issue arises from cleartext passwords appearing in redacted and unredacted output in sgcollect_info_options.log and sync_gateway.log, enabling potential information disclosure. The linked advisories indicate upgrading to a...
Askey RTF8207w and Askey RTF8217 security vulnerability
The Askey RTF8207w and Askey RTF8217 are both fiber optic GPON home gateways from Askey Taiwan, China. A security vulnerability exists in the Askey RTF8207w and Askey RTF8217, which stems from a stack-based buffer overflow issue that could allow a remote attacker to take control of the program...
CVE-2025-48147 WordPress CryptoCloud - Crypto Payment Gateway plugin <= 2.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway cryptocloud-crypto-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CryptoCloud - Crypto Payment Gateway: from n/a through <= 2.1.2...
CVE-2023-4489
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access...
CVE-2020-10111
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization...