CVE-2026-5101

A vulnerability was identified in Totolink A3300R 17.0.0cu.557b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The...

Malicious code in hiveos (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 632c5c53f72df87d7b0d9843df212e147e729699ffe5e7f6c20e3cd41fa13f64 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

EUVD-2026-17016

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified cod...

GHSA-WMGJ-HRX3-23GJ Duplicate Advisory: OpenClaw: Unbound interpreter and runtime commands could bypass node-host approval integrity

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xf99-j42q-5w5p. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local...

Duplicate Advisory: OpenClaw: Unbound interpreter and runtime commands could bypass node-host approval integrity

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xf99-j42q-5w5p. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local...

Duplicate Advisory: OpenClaw: Unrecognized script runners could bypass `system.run` approval integrity

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qc36-x95h-7j53. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutabl...

EUVD-2026-17018

OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve...

CVE-2026-32978

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified cod...

CVE-2026-32979

OpenClaw CVE-2026-32979 affects versions prior to 2026.3.11, where an approval integrity vulnerability enables attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can alter approved local scripts befo...

CVE-2026-32979 OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approval

OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve...

CVE-2026-32979 OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approval

OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve...

CVE-2026-32978 OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified cod...

CVE-2026-32978

OpenClaw OpenClaw

CVE-2026-32978

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified cod...

CVE-2026-32978 OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified cod...

Malicious code in database-roblox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bc72e398d8a27feaf630ecd5c3f852b452ad895a1e0a104abbc87da277e3bfc4 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

EUVD-2026-16961

A vulnerability was detected in Totolink A3600R 4.1.2cu.5182B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched...

SUSE CVE-2025-59031

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...

OpenClaw 安全漏洞

OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.11, which stems from the failure of the system.run approval function to properly bind variable file operands for specific script runners such as tsx, jiti, and others. An...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.11 contained security vulnerabilities. These vulnerabilities were due to approval integrity issues. When precise file binding was not possible, attackers could modify scripts...