5359 matches found
CVE-2026-41355 OpenClaw < 2026.3.28 - Arbitrary Code Execution via Mirror Mode Sandbox File Conversion
OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from an arbitrary code execution vulnerability in the mirror mode. By converting untrusted sandbox files int...
OPENSUSE-SU-2026:20479-1 Security update for clamav
This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: - Support...
EUVD-2026-20507
A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address URL. This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery SSRF...
EUVD-2025-209308
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...
CVE-2025-14243
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...
CVE-2026-32591 Mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An...
CVE-2026-32590
CVE-2026-32590 affects Red Hat Quay and relates to the handling of resumable container image layer uploads. The vulnerability stems from how intermediate upload data is stored in the database: if this data is tampered with, an attacker could trigger arbitrary code execution on the Quay server (re...
CVE-2026-32589 Mirror-registry: quay: insecure direct object reference in blobupload
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to rea...
CVE-2025-14243 Mirror-registry: openshift mirror registry: user enumeration via authentication error messages
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...
CVE-2025-14243 Mirror-registry: openshift mirror registry: user enumeration via authentication error messages
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...
CVE-2025-14243
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation. Mitigation Mitigation for this issue is either not...
CVE-2026-2377 Mirror-registry: quay: quay: server-side request forgery via log export functionality
A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as...
CVE-2026-2377
CVE-2026-2377 affects mirror-registry’s log export functionality. Authenticated users can trigger a server-side request forgery (SSRF) by supplying a crafted URL, allowing the backend to reach internal network resources. This may expose sensitive information or access to internal systems. The des...
CVE-2026-2377 Mirror-registry: quay: quay: server-side request forgery via log export functionality
A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as...
Red Hat OpenShift Mirror Registry 安全漏洞
Red Hat OpenShift Mirror Registry is a lightweight container image repository service provided by Red Hat Corporation. There is a security vulnerability in Red Hat OpenShift Mirror Registry. This vulnerability stems from failed authentication processes and different error messages during account...
PT-2026-31329
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...
Red Hat OpenShift Mirror Registry 代码问题漏洞
Red Hat OpenShift Mirror Registry is a lightweight container image repository service provided by Red Hat Corporation. There are code-related vulnerabilities in Red Hat OpenShift Mirror Registry. These vulnerabilities allow authenticated users to utilize the log export feature to provide custom...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006634)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006634 advisory. In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITSPERLONG The code in dm-log rounds up bitsetsize...
GHSA-M34Q-H93W-VG5X OpenClaw: OpenShell mirror mode could delete arbitrary remote directories when roots were mis-scoped
Summary Before OpenClaw 2026.4.2, the OpenShell mirror backend accepted arbitrary absolute remoteWorkspaceDir and remoteAgentWorkspaceDir values. In mirror mode, those paths were then used as the target of remote cleanup and overwrite operations. Impact If an attacker could influence those...