44 matches found
OpenClaw Security Vulnerability
OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from flaws in the plugin installation process, where a failed security scan did not prevent the installation...
PT-2026-35762
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31. Description: A fail-open issue exists in the plugin installation flow where security scan failures do not block the installation process. This allows attackers to install untrusted plugins if operators choos...
GHSA-CWQ8-6F96-G3Q4 OpenClaw: Security Scan Failure Does Not Block Plugin Installation (Fail-Open)
Summary: Security Scan Failure Does Not Block Plugin Installation (Fail-Open). Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: Real in shipped v2026.3.28 plugin install flow, but low severity fits because it still requires an operator to choose installation of an...
CVE-2026-28407
A flaw was found in malcontent, a software designed to discover supply-chain compromises. Prior to version 1.21.0, malcontent would remove nested archives that failed to extract, which could potentially leave malicious content unexamined. This oversight could allow an attacker to bypass security...
Exploit for Out-of-bounds Read in Libpng
Spring Boot Minimal Images PoC Dummy Spring Boot application...
Exposure Report: 65% of Leading AI Companies Found with Verified Secret Leaks
How secure are top private AI companies? Find out from our scans and disclosures...
EUVD-2002-1741
Malware in sbrugna...
EUVD-2022-37379
Malicious code in bioql PyPI...
EUVD-2023-44558
Malicious code in bioql PyPI...
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 24, 2025 to March 30, 2025)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 24, 2025 to March 2, 2025)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 13, 2025 to January 19, 2025)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
Help links not using security attributes
Issue Summary: Links to documentation use the anchor tag attribute target="blank" without using rel="noopener noreferrer". Best practice is to include rel="noopener noreferrer" on any link opened with target="blank". We've had some customers report that this is triggering automated security...
Apache vulnerabilities CVE-2006-20001, CVE-2022-36760, CVE-2022-37436 in License Server version 11.17.2
Apache/2.4.54 contains vulnerabilities and is used in the Citrix License Server version 11.17.2 build 41000. Security scans may raise the following CVEs: CVE-2006-20001, CVE-2022-36760, CVE-2022-37436...
Fake security researchers push malware files on GitHub
Researchers from VulnCheck have observed a campaign using real security researchers as bait for malware. The campaign goes to some lengths to appear genuine, using fake profiles, downloads, websites, and bogus GitHub profiles, to paint a convincing picture of security professionals offering up...
Security Benefits of Cloud Automation
Learn more about how cloud automation can simplify security controls, policies, and scans...
Upgrade Apache Commons-text for CVE-2022-42889
BUG RE-OPENED: Jira Service Management 5.4.3, which was supposed to be fixed at 9.4.3 / 5.4.3, is still generating files with the commons-text library version 1.6 in the /plugins/.osgi-plugins folder. Even after deleting these files, they keep getting generated again on the next restart. Due to...
CVE-2022-34424
Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans...
Code injection
Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans...