EUVD-2026-26096

OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime...

CVE-2026-41387 OpenClaw < 2026.3.22 - Supply Chain Redirection via Incomplete Host Environment Sanitization

OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime...

PT-2026-35772

OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime...

Arbitrary file editing vulnerability in niubicms v1.8

Cow CMS is a free version of the local portal PHP source code system. Includes: news, real estate, talent, automotive, local business station three-level domain name station, merchant business cards and other functions. niubicms v1.8 version of the existence of arbitrary file editing vulnerabilit...

Arbitrary File Editing Vulnerability in isite v2.1.2

ISite enterprise building system is for people who know a little website construction and HTML technology such as enterprise website builders and developed a set of open source free program specifically for enterprise building. ISite v2.1.2 in the existence of arbitrary file editing vulnerability...

Arbitrary File Editing Vulnerability in SDCMS Version v3.3

SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. SDCMS v3.3 version of the existence of arbitrary file editing vulnerability, the vulnerability stems from the file path to modify the file and the content of the file to be written into the file are not...

Arbitrary File Creation Vulnerability in ourphp v1.8.0

Ourphp website building system is a php+mysql website building system. ourphp v1.8.0 version of the existence of arbitrary file creation vulnerability, the attacker can be edited through the background of the online template comes with the creation point to create any suffix file and write Trojan...