34 matches found
GHSA-WPC6-37G7-8Q4W OpenClaw: Shell init-file options could satisfy exec allowlist script matching
Summary: Before OpenClaw 2026.3.31, exec allowlist matching could treat shell init-file wrapper invocations as if the approved script itself were being executed. Shell options such as --rcfile, --init-file, and --startup-file could therefore inherit allowlist trust from a matched script path even...
EUVD-2026-19354
Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran...
GHSA-FGV2-4Q4G-WC35
creationtimestamp| type| source
---|---|---
2026-03-31 19:20:27+00:00| published-proof-of-concept| Telegram/pGlKXNBirRT0gxqFC1bVLs6pojbUfu72MTdyyvCxHD2SpM...
CVE-2026-32726
creationtimestamp| type| source
---|---|---
2026-03-31 18:31:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3miesq35nbb2w
2026-03-31 19:10:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mieuvvjrol25
2026-03-31 19:20:34+00:00| published-proof-of-concept| ...
CVE-2026-34506
creationtimestamp| type| source
---|---|---
2026-03-31 12:25:37+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mie6cc6f472s
2026-03-31 12:26:19+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mie6dkiv7l27
2026-03-31 12:27:18+00:00| seen| ...
CVE-2026-34730
creationtimestamp| type| source
---|---|---
2026-03-31 12:06:47+00:00| published-proof-of-concept| https://github.com/copier-org/copier/security/advisories/GHSA-hgjq-p8cr-gg4h...
CVE-2025-30456
creationtimestamp| type| source
---|---|---
2025-03-31 18:15:46+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114258407899763287
2025-03-31 18:15:46+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114258407899763287
2025-03-31 23:15:52+00:00| seen| ...
CVE-2025-31559
creationtimestamp| type| source
---|---|---
2025-03-31 15:31:03+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9670...
CVE-2025-3011
creationtimestamp| type| source
---|---|---
2025-03-31 04:40:20+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3llnk4az4le24
2025-03-31 05:48:28+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114255469489298392
2025-03-31 05:48:28+00:00| seen| ...
CVE-2025-2965
creationtimestamp| type| source
---|---|---
2025-03-30 23:29:56+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9559
2025-03-31 03:17:36+00:00| seen| https://t.me/cvedetector/21528...
farmaciacontinua.it Cross Site Scripting vulnerability OBB-3891184
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
liberta.co.jp Cross Site Scripting vulnerability OBB-3891106
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PCI DSS 4.0: How to Ensure Full Compliance with New Requirements
The Payment Card Industry Data Security Standard (PCI DSS) is one of the oldest mainstream compliance requirements, originating in 2004. The PCI Security Standards Council manages the standard to ensure security for the global payment system. It applies globally to all entities that store,...
CVE-2023-29141
creationtimestamp| type| source
---|---|---
2023-03-31 22:22:27+00:00| seen| https://t.me/cibsecurity/61276...
linkstar.hk Cross Site Scripting vulnerability OBB-3243062
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
newvitta.com.br Cross Site Scripting vulnerability OBB-2458055
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
inletnot.com XSS vulnerability
Open Bug Bounty ID: OBB-717121
Description| Value
---|---
Affected Website:| inletnot.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| hidden until disclosure
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| hidden unt...
regionwielkopolska.pl XSS vulnerability
Open Bug Bounty ID: OBB-717113
Description| Value
---|---
Affected Website:| regionwielkopolska.pl
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| hidden until disclosure
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| ...
worktheworld.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-716929
Description| Value
---|---
Affected Website:| worktheworld.co.uk
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| hidden until disclosure
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| hidd...
iwwdirect.com.au XSS vulnerability
Open Bug Bounty ID: OBB-716677
Description| Value
---|---
Affected Website:| iwwdirect.com.au
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| hidden until disclosure
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| hidden...