7 matches found

RedhatCVE
added 2026/03/07 1:44 a.m. | 1 views

CVE-2026-28486

OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a path traversal vulnerability in archive extraction during installation commands that allows arbitrary file writes outside the intended directory. Attackers can craft malicious archives that, when extracted via skills install, hooks instal...

CVSS 6.8 | AI score 5.9 | EPSS 0.00048
Exploits: 0 | References: 1
NVD
added 2026/03/05 10:16 p.m. | 6 views

CVE-2026-28486

OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a path traversal vulnerability in archive extraction during installation commands that allows arbitrary file writes outside the intended directory. Attackers can craft malicious archives that, when extracted via skills install, hooks instal...

CVSS 6.8 | EPSS 0.00048
Exploits: 0 | References: 3
EUVD
added 2026/03/05 10:0 p.m. | 1 views

EUVD-2026-9931

OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a path traversal vulnerability in archive extraction during installation commands that allows arbitrary file writes outside the intended directory. Attackers can craft malicious archives that, when extracted via skills install, hooks instal...

CVSS 6.8 | AI score 6.1 | EPSS 0.00048
Exploits: 0 | References: 3
OSV
added 2026/03/02 11:23 p.m. | 1 views

GHSA-V892-HWPG-JWQP OpenClaw vulnerable to path traversal (Zip Slip) in archive extraction during explicit installation commands

Summary: A path traversal (Zip Slip) issue in archive extraction during explicit installation commands could allow a crafted archive to write files outside the intended extraction directory. Affected Packages / Versions - Package: openclaw (npm) - Affected versions: >=2026.1.16-2 <2026.2.14 - Fixed...

CVSS 6.9 | AI score 6.3 | EPSS 0.00048
Exploits: 0 | References: 5
OSSF Malicious Packages
added 2025/02/23 5:39 a.m. | 2 views

Malicious code in zzmaliciouspackage (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5b6eee7714701896e6638dc9197f76de1edb7e14cb011d48717bfc516b793600 Any computer that has this package install...

AI score 7
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/02/23 5:16 a.m. | 2 views

Malicious code in com.adobe.cq.core.wcm.components.content (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain...

AI score 7
Exploits: 0
OSSF Malicious Packages
added 2025/01/03 12:43 a.m. | 2 views

Malicious code in muzeeglot (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a924cd903cd9ec3511c788b9d1b75874ed09f4786dcf83a141a6424a9dddfd86 Any computer that has this package install...

AI score 7
Exploits: 0 | References: 3