CVE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

CVE-2026-33471

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 slot as u16 for slot lookup. Prior to version 1.3.0, if an attacker can get a...

EUVD-2026-24290

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...

CVE-2026-25883

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an arbitrary URL that receives HTTP POST requests when meetings complete. The application performs no validation on th...

EUVD-2026-23619

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending isAdmin=true to PUT /settings/users/userId for their own user ID. The endpoint is intended to let a user ed...

PT-2026-33548

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...

GHSA-736R-JWJ6-4W23 OpenClaw: Sandboxed agents could escape exec routing via host=node override

Summary Sandboxed agents could escape exec routing via host=node override. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.5 = 2026.4.10 Impact A sandboxed agent could request host: "node" and route exec to a remote node instead of the intended...

GHSA-9PM8-VWC5-W2HM Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID

Impact Authenticated users can delete emails imported into the system assigned to another user; where the Email Dropbox is in use. Patches Fixed in v0.26.0 Workarounds Disable use of email dropbox...

GHSA-HR2V-4R36-88HR Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

Helm is a package manager for Charts for Kubernetes. In Helm versions /, instead of the expected //, potentially overwriting the contents of the targeted directory. Note: a chart name containing POSIX dot-dot, or dot-dot and slashes as if to refer to parent directories do not resolve beyond the...

GHSA-67MF-F936-PPXF OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval

Impact OpenClaw node.pair.approve placed in operator.write scope instead of operator.pairing allows unprivileged pairing approval. The pairing approval method accepted operator.write instead of the narrower pairing scope and admin requirement for exec-capable nodes. OpenClaw is a user-controlled...

EUVD-2026-7407

OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp...

CVE-2026-34955

CVE-2026-34955 relates to PraisonAI’s SubprocessSandbox (PraisonAI, version around 4.5.87 as shown in PoC) where all sandbox modes (BASIC, STRICT, NETWORK_ISOLATED) use subprocess.run() with shell=True and rely on a string-pattern blocklist. The policy does not block shell invocations like sh/bas...

CVE-2026-34955 PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes BASIC, STRICT, NETWORKISOLATED calls subprocess.run with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone...

CVE-2026-35218

Budibase (open‑source low-code platform) prior to version 3.32.5 is affected by a Stored XSS in the Builder Command Palette. The vulnerability arises because entity names (tables, views, queries, automations) are rendered using Svelte’s {@html} without sanitization, allowing an authenticated Buil...

CVE-2025-68152 Juju: Read All Controller Logs From Compromised Workload

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju...

GHSA-37V6-FXX8-XJMX OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding

Summary Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped v2026.3.28 replay hashing treated equivalent Telnyx Base64/Base64URL signatures as distinct requests, but signature...

GHSA-J9PV-RRCJ-6PFX OpenClaw: SSH-based sandbox backends pass unsanitized process.env to child processes

Summary SSH-based sandbox backends pass unsanitized process.env to child processes Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped SSH sandbox paths leaked unsanitized env into local SSH child processes, but remote leakage needs non-default SSH env...

CVE-2026-34601 xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...

CVE-2026-34382

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylistfunction.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently...

CVE-2026-34570

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deleted. Due to a logic flaw in the backend...