CVE-2026-32023
OpenClaw : vulnerable up to version 2026.2.23 due to an approval-gating bypass in system.run allowlist mode caused by a dispatch-wrapper depth-cap mismatch. Attackers could chain nested wrappers (e.g., /usr/bin/env) to execute /bin/sh -c commands without triggering the approval prompt. The issue ...
EUVD-2026-13294
OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in system.run allowlist mode where nested transparent dispatch wrappers can suppress shell-wrapper detection. Attackers can exploit this by chaining multiple dispatch wrappers like /usr/bin/env to execute /bin/sh...
CVE-2026-32023 OpenClaw < 2026.2.24 - Approval Gating Bypass via Dispatch-Wrapper Depth-Cap Mismatch in system.run
OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in system.run allowlist mode where nested transparent dispatch wrappers can suppress shell-wrapper detection. Attackers can exploit this by chaining multiple dispatch wrappers like /usr/bin/env to execute /bin/sh...
CVE-2026-32003 OpenClaw < 2026.2.22 - Remote Code Execution via SHELLOPTS/PS4 Environment Injection in system.run
OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment...
CVE-2026-32003
CVE-2026-32003 affects OpenClaw, versions prior to 2026.2.22, where the system.run function is vulnerable to environment variable injection via SHELLOPTS and PS4. A request-scoped environment variable can bypass the command allowlist by exploiting bash xtrace expansion, allowing execution of arbi...
EUVD-2026-13204
Server-side request forgery (SSRF) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-32169
Server-side request forgery (SSRF) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-32169 Azure Cloud Shell Elevation of Privilege Vulnerability
...
CVE-2026-32169
Azure Cloud Shell contains a server-side request forgery (SSRF) vulnerability (CVE-2026-32169) that could allow an unauthenticated attacker to elevate privileges over a network. The CVSS v3.1 base score is 10.0 (CRITICAL) with network attack vector, low complexity, no privileges required, no user...
golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle,...
GHSA-XGXP-F695-6VRP In Soft Serve, an authenticated repo import can clone server-local private repositories
Summary An authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. This breaks the private-repository confidentiality boundary and should be treated as High severity...
Exploit for OS Command Injection in Apache Tomcat
ISM.bat RCE Exploit PoC script for unauthenticated Remote Cod...
Intake has a Command Injection via shell() Expansion in Parameter Defaults
Summary: The shell() syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell(), the command may be executed when the catalog source is accessed. This means that if a user loads a malicious...
GHSA-37G4-QQQV-7M99 Intake has a Command Injection via shell() Expansion in Parameter Defaults
Summary: The shell() syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell(), the command may be executed when the catalog source is accessed. This means that if a user loads a malicious...
CVE-2023-43010
A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling. Mitigation Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server,...
Azure Cloud Shell Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network...
EUVD-2026-13087
Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor allows Upload a Web Shell to a Web Server. This issue affects Mobile App Editor: from n/a through 1.3.1...
CVE-2026-27067
Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor (mobile-app-editor) allows Upload a Web Shell to a Web Server. This issue affects Mobile App Editor: from n/a through 1.3.1...
CVE-2026-27067 WordPress Mobile App Editor plugin <= 1.3.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor allows Upload a Web Shell to a Web Server. This issue affects Mobile App Editor: from n/a through 1.3.1...