16 matches found
CVE-2026-44114
OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAWGITDIR to manipulate trusted OpenClaw runtime behavior...
EUVD-2026-28194
OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAWGITDIR to manipulate trusted OpenClaw runtime behavior...
GHSA-9R9J-3R2W-FG3V Duplicate Advisory: OpenClaw: Workspace dotenv could override runtime-control environment variables
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hxvm-xjvf-93f3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace...
CVE-2026-44114 OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv
OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAWGITDIR to manipulate trusted OpenClaw runtime behavior...
CVE-2026-44114 OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv
OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAWGITDIR to manipulate trusted OpenClaw runtime behavior...
DataEase Security Vulnerability
DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in their businesses. DataEase versions 2.10.20 and earlier contain security...
CVE-2025-1532
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-17 09:59:06+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/12202 |
| 2025-04-17 10:48:37+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114352908967822671 |
| 2025-04-17 10:48:54+00:00 | seen | ... |
CVE-2024-56136
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-16 19:29:35+00:00 | seen | https://infosec.exchange/users/cve/statuses/113839687252021271 |
| 2025-01-16 19:56:09+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/2024 |
| 2025-01-16 20:16:07+00:00 | seen | ... |
[SECURITY] Fedora 41 Update: chromium-131.0.6778.264-1.fc41
Chromium is an open-source web browser, powered by WebKit (Blink)...
CVE-2020-9081
| creationtimestamp | type | source |
|---|---|---|
| 2024-12-27 09:41:20+00:00 | seen | https://infosec.exchange/users/cve/statuses/113724127952032186 |
| 2024-12-27 10:15:34+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lebqz6rdxf2o |
| 2024-12-27 11:48:46+00:00 | seen | ... |
CVE-2024-12881
| creationtimestamp | type | source |
|---|---|---|
| 2024-12-24 09:28:53+00:00 | seen | https://infosec.exchange/users/cve/statuses/113707092068105611 |
| 2024-12-24 10:15:36+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3le27mhgaws2a |
| 2024-12-24 11:53:40+00:00 | seen | ... |
Security update for libreoffice
This update for libreoffice fixes the following issues: libreoffice was updated to version 24.8.1.2 (jsc#PED-10362): Release notes: https://wiki.documentfoundation.org/Releases/24.8.0/RC1 and https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and...
tomcat security and bug fix update
1:9.0.62-37 - Resolves: RHEL-12551 - Remove JDK subpackges which are unused 1:9.0.62-16 - Related: 2184133 Declare file conflicts 1:9.0.62-15 - Resolves: 2184133 Fix bug in Obsoletes 1:9.0.62-14 - Resolves: 2210632 CVE-2023-28709 tomcat 1:9.0.62-13 - Resolves: 2189675 Missing Tomcat POM files in...
afETH.withdrawTime() still returns an invalid withdrawTime.
See the markdown file with the details of this report here.
CKEditor Cross-Site Scripting Vulnerability
CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor 5 prior to 35.0.1, which stems from updating source elements with markup from the CKEditor 5 data pipeline after destroying the editor...
SUSE-SU-2020:2041-1 Security update for rust, rust-cbindgen
This update for rust, rust-cbindgen fixes the following issues: rust was updated for use by Firefox 76ESR. - Fixed miscompilations with rustc 1.43 that lead to LTO failures (bsc#1173202) Update to version 1.43.1 - Updated openssl-src to 1.1.1g for CVE-2020-1967. - Fixed the stabilization of AVX-512...