2182 matches found
Vikunja 代码注入漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.21.0 to 2.2.0 contained a code injection vulnerability. This vulnerability occurred because the Vikunja Desktop Electron wrapper enabled nodeIntegration in the main BrowserWindow without any...
PT-2026-27444
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...
CVE-2026-32912
Rejected reason: This CVE ID has been rejected...
CVE-2026-32900
Rejected reason: This CVE ID has been rejected...
CVE-2026-32047
Rejected reason: This CVE ID has been rejected...
CVE-2026-28455
Rejected reason: This CVE ID has been rejected...
CVE-2026-27183
OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...
CVE-2026-32912
OpenClaw 2016.2.26 exposes a local a vulnerability in Windows wrapper resolution for .cmd/.bat files, where current working directory manipulation can change wrapper resolution and lead to command execution integrity loss. Affected: OpenClaw versions prior to 2026.3.1. Root cause: current working...
CVE-2026-32912
...
CVE-2026-32900
...
CVE-2026-32900
OpenClaw CVE-2026-32900 affects versions prior to 2026.2.22. The vulnerability is an authorization bypass in allowlist mode due to allow-always persistence at the wrapper level, enabling approval-bypass execution of different payloads. This allows attackers to approve benign wrapped system.run co...
CVE-2026-28455
...
CVE-2026-28455
OpenClaw vulnerable before 2026.2.22 due to an allowlist bypass in system.run exec analysis. The flaw allows attackers to route execution through wrapper binaries (e.g., env, bash) and bypass intended allowlist restrictions by failing to unwrap env and shell-dispatch wrapper chains. Affected prod...
CVE-2026-27183 OpenClaw < 2026.3.7 - Shell Approval Gating Bypass via Dispatch Wrapper Depth Mismatch
OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...
CVE-2026-27183
OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...
CVE-2026-27183 OpenClaw < 2026.3.7 - Shell Approval Gating Bypass via Dispatch Wrapper Depth Mismatch
OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...
EUVD-2026-14555
OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...
PT-2026-27234
OpenClaw before 2026.2.22 contains an authorization bypass vulnerability in allowlist mode where allow-always persistence at wrapper-level enables approval-bypass execution of different payloads. Attackers can approve benign wrapped system.run commands to broaden trust boundaries and execute...
PT-2026-27244
OpenClaw versions 2026.2.26 before 2026.3.1 contain a current working directory injection vulnerability in Windows wrapper resolution for .cmd/.bat files that allows shell execution fallback. Attackers can manipulate the current working directory to alter wrapper resolution behavior and achieve...
EUVD-2026-14254
OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains...