PT-2026-41480

Name of the Vulnerable Software and Affected Versions opensearch versions prior to 2.19.0 opensearch-ingest-attachment-plugin affected versions not specified opensearch-mapper-annotated-text-plugin affected versions not specified opensearch-mapper-murmur3-plugin affected versions not specified...

CVE-2026-43569

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically...

RHCOS 4 : OpenShift Container Platform 4.2.36 containernetworking-plugins (RHSA-2020:2592)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2592 advisory. - containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters CVE-2020-10749 Note that Nessus has not...

RHCOS 3 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2020:0964)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0964 advisory. - openshift/jenkins-plugin: Deserialization in snakeyaml YAML objects allows for remote code execution CVE-2020-2167 Note that Nessus has not...

RHCOS 4 : Red Hat OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:2662)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2662 advisory. - jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin CVE-2019-10355 -...

RHCOS 4 : OpenShift Container Platform 4.4.z jenkins-2-plugins (RHSA-2020:2737)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2737 advisory. - jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts CVE-2019-16538 -...

RHCOS 4 : OpenShift Container Platform 4.5.4 jenkins-2-plugins (RHSA-2020:3207)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:3207 advisory. - jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts CVE-2020-2190 Note that Nessus has no...

RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:2651)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2651 advisory. - jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin CVE-2019-10355 -...

RHCOS 4 : OpenShift Container Platform 4.4.8 containernetworking-plugins (RHSA-2020:2403)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2403 advisory. - containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters CVE-2020-10749 Note that Nessus has not...

RHCOS 4 : OpenShift Container Platform 4.4.20 jenkins-2-plugins (RHSA-2020:3625)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3625 advisory. - jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps CVE-2020-2181 -...

RHCOS 3 : OpenShift Container Platform 3.11.318 jenkins-2-plugins (RHSA-2020:5102)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5102 advisory. - jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM CVE-2020-2252 -...

RHCOS 4 : OpenShift Container Platform 4.7.48 (RHSA-2022:1248)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1248 advisory. - workflow-cps: OS command execution through crafted SCM contents CVE-2022-25173 - workflow-cps-global-lib: OS command execution...

RHCOS 4 : OpenShift Container Platform 4.3.25 containernetworking-plugins (RHSA-2020:2443)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2443 advisory. - containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters CVE-2020-10749 Note that Nessus has not...

RHCOS 4 : OpenShift Container Platform 4.4.33 (RHSA-2021:0282)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0282 advisory. - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity XXE attacks CVE-2020-2304 -...

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization via the objects/plugins.json.php endpoint, which exposes sensitive configuration data including APISecret. An attacker can gain unauthorized...

CVE-2026-43571

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...

CVE-2026-43569

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically...

CVE-2026-43571 OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...

EUVD-2026-27293

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...

CVE-2026-43571

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...