10983 matches found

CNNVD
added 2026/04/23 12:0 a.m. | 7 views

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities stemmed from a range execution bypass vulnerability in the assistant-media routing mechanism. This vulnerability...

CVSS 6.5 | AI score 5.9 | EPSS 0.00222
Exploits: 0 | References: 1

Packet Storm News
added 2026/04/23 12:0 a.m. | 4 views

FreeScout 1.8.206 Network Reachability and HTTP Security Audit Scanner

The provided PHP script is a network reconnaissance and auditing tool designed to scan a local IP range and identify reachable hosts potentially running web services such as FreeScout...

AI score 5.8
Exploits: 0

Positive Technologies
added 2026/04/23 12:0 a.m. | 3 views

PT-2026-34594

Name of the Vulnerable Software and Affected Versions Luanti versions 5.0.0 through 5.15.1 Description A malicious mod can escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This issue affects server-side mods, async, mapgen, and...

CVSS 10 | AI score 6.2 | EPSS 0.00374
Exploits: 0 | References: 10

Packet Storm
added 2026/04/23 12:0 a.m. | 87 views

Ghost CMS 6.19.0 SQL Injection

This is a Metasploit auxiliary module targeting a blind, unauthenticated SQL injection vulnerability in the Ghost CMS Content API that affects versions 3.24.0 through 6.19.0...

CVSS 9.4 | AI score 6 | EPSS 0.1648
Exploits: 6

Tenable Nessus
added 2026/04/23 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-35240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and...

CVSS 4.9 | AI score 6.7 | EPSS 0.00242
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/23 12:0 a.m. | 1 views

Oracle MySQL Server 9.x.x < 9.7.0 (April 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 8.0.0-8.0.45,...

CVSS 8.8 | AI score 6.3 | EPSS 0.48666
Exploits: 7 | References: 26

CVE
added 2026/04/22 11:39 p.m. | 7 views

CVE-2025-36074

CVE-2025-36074 affects IBM Security Verify Directory (Container) versions 10.0.0–10.0.0.3. The root cause is failure to validate file types during upload, enabling a privileged user to upload files that could be sent to victims for further attacks (CWE-434). The documented impact includes potenti...

CVSS 7.2 | AI score 5.7 | EPSS 0.00261
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/04/22 8:53 p.m. | 3 views

GHSA-W5HQ-G745-H8PQ uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

Summary: The v3, v5, and v6 API methods (not uuid release versions) accept external output buffers but do not reject out-of-range writes (small buf or large offset). By contrast, v4, v1, and v7 API methods explicitly throw RangeError on invalid bounds. This inconsistency allows silent partial writes...

CVSS 7.5 | AI score 5.9 | EPSS 0.00311
Exploits: 1 | References: 11

Github Security Blog
added 2026/04/22 8:53 p.m. | 761 views

uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

Summary: The v3, v5, and v6 API methods (not uuid release versions) accept external output buffers but do not reject out-of-range writes (small buf or large offset). By contrast, v4, v1, and v7 API methods explicitly throw RangeError on invalid bounds. This inconsistency allows silent partial writes...

CVSS 9.3 | AI score 5.9 | EPSS 0.00311
Exploits: 1 | References: 11 | Affected Software: 1

vulnersOsv
added 2026/04/22 8:28 p.m. | 6 views

locizer (>=5.0.0 <=5.0.1), locizify (>=9.0.0 <=9.0.9) +1 more potentially affected by CVE-2026-41885 via i18next-locize-backend (>=9.0.0 <=9.0.1)

i18next-locize-backend NPM version =9.0.0, =5.0.0, =9.0.0, =2.0.0, =2.0.6 Source cves: CVE-2026-41885 Source advisory: SNYK:JS-I18NEXTLOCIZEBACKEND-16415530...

CVSS 6.5 | AI score 5.8 | EPSS 0.00224
Exploits: 0

vulnersOsv
added 2026/04/22 8:25 p.m. | 6 views

@ainsleydev/payload-helper (>=0.0.1 <=0.0.2), @bsct/payload (=1.0.0) +89 more potentially affected by CVE-2026-41683 via i18next-http-middleware (>=3.0.2 <=3.9.2)

i18next-http-middleware NPM version =3.0.2, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =0.0.1, =8.0.0, =3.0.0, =1.0.0, =1.0.6, =1.0.0, =0.0.1, =0.0.229 and more Source cves: CVE-2026-41683 Source advisory: SNYK:JS-I18NEXTHTTPMIDDLEWARE-16415527...

CVSS 8.6 | AI score 5.4 | EPSS 0.00327
Exploits: 0

vulnersOsv
added 2026/04/22 8:23 p.m. | 8 views

org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-41673 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-41673 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16134531...

CVSS 8.7 | AI score 5.8 | EPSS 0.00557
Exploits: 0

Github Security Blog
added 2026/04/22 8:23 p.m. | 38 views

xmldom: Uncontrolled recursion in XML serialization leads to DoS

Summary Seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DOM tree causes a RangeError: Maximum call stack size exceeded, crashing the application. Reported operations: - Node.prototype.normalize — reported by @praveen-kv email 2026-04-05 and...

CVSS 8.7 | AI score 6.1 | EPSS 0.00557
Exploits: 0 | References: 14 | Affected Software: 2

vulnersOsv
added 2026/04/22 8:17 p.m. | 4 views

2c2p-integration (>=0.2.0 <=0.2.2), 4help-shared (>=1.0.8 <=1.0.15) +4895 more potentially affected by CVE-2026-41675 via @xmldom/xmldom (>=0.7.0 <=0.8.12)

@xmldom/xmldom NPM version =0.7.0, =0.2.0, =1.0.8, =0.1.3, =0.0.7, =0.3.31, =0.1.3, =1.0.4, =1.0.0, =1.2.13 and more Source cves: CVE-2026-41675 Source advisory: OSV:GHSA-X6WF-F3PX-WCQX...

CVSS 8.7 | AI score 5.4 | EPSS 0.00414
Exploits: 0

NVD
added 2026/04/22 8:16 p.m. | 4 views

CVE-2026-33471

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 (slot as u16) for slot lookup. Prior to version 1.3.0, if an attacker can get a...

CVSS 9.6 | EPSS 0.00217
Exploits: 0 | References: 3

vulnersOsv
added 2026/04/22 7:20 p.m. | 5 views

nimiq-account (>=0.1.0 <=0.2.0), nimiq-accounts (>=0.1.0 <=0.2.0) +14 more potentially affected by CVE-2026-34067 via nimiq-transaction (>=0.1.0 <=0.2.0)

nimiq-transaction CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2026-34067 Source advisory: OSV:GHSA-264V-M8FM-76JM...

CVSS 6.5 | AI score 5.8 | EPSS 0.00318
Exploits: 0

vulnersOsv
added 2026/04/22 7:18 p.m. | 8 views

nimiq-accounts (>=0.1.0 <=0.2.0), nimiq-block (>=0.1.0 <=0.2.0) +13 more potentially affected by CVE-2026-34064 via nimiq-account (>=0.1.0 <=0.2.0)

nimiq-account CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2026-34064 Source advisory: OSV:GHSA-VC34-39Q2-M6Q3...

CVSS 8.2 | AI score 5.8 | EPSS 0.00275
Exploits: 0

Vulnrichment
added 2026/04/22 7:13 p.m. | 1 views

CVE-2026-33471 nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 (slot as u16) for slot lookup. Prior to version 1.3.0, if an attacker can get a...

CVSS 9.6 | AI score 5.7 | EPSS 0.00217
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/22 7:13 p.m. | 1 views

CVE-2026-33471

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 (slot as u16) for slot lookup. Prior to version 1.3.0, if an attacker can get a...

CVSS 9.6 | AI score 5.7 | EPSS 0.00217
Exploits: 0 | References: 4 | Affected Software: 1

vulnersOsv
added 2026/04/22 5:41 p.m. | 5 views

@26lights/orcha (>=0.1.0 <=2.0.3), @8medusa/admin-bundler (>=1.0.0 <=2.12.10) +1088 more potentially affected by CVE-2026-41691 via i18next-http-backend (>=1.0.12 <=3.0.4)

i18next-http-backend NPM version =1.0.12, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =2.7.0, =0.0.1, =0.0.2, =2.13.1, =2.13.1, =2.13.1, =2.13.1, =0.0.0, =1.0.0, =1.1.4, =1.0.0, =1.0.2 and more Source cves: CVE-2026-41691 Source advisory: OSV:GHSA-Q89C-Q3H5-W34G...

CVSS 9.1 | AI score 5.4 | EPSS 0.00251
Exploits: 0