Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21901
Total
1562
Critical
6653
High
6999
Medium
CVE ID Severity Score Description Published
CVE-2026-0125 UNKNOWN In multiple functions of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege … Jun 16, 2026
CVE-2026-53866 HIGH 8.1 OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell … Jun 16, 2026
CVE-2026-53865 HIGH 7.1 OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute … Jun 16, 2026
CVE-2026-53864 HIGH 8.1 OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to … Jun 16, 2026
CVE-2026-53863 HIGH 7.1 OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID … Jun 16, 2026
CVE-2026-53862 MEDIUM 4.2 OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay … Jun 16, 2026
CVE-2026-53861 MEDIUM 6.6 OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content … Jun 16, 2026
CVE-2026-53860 MEDIUM 4.2 OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through conversation metadata rather than stable sender … Jun 16, 2026
CVE-2026-53859 MEDIUM 6.5 OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit … Jun 16, 2026
CVE-2026-53858 HIGH 7.1 OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATE_DIRECTORY variable … Jun 16, 2026
CVE-2026-53857 HIGH 8.1 OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match allowFrom policy entries through display name changes. Attackers … Jun 16, 2026
CVE-2026-53856 MEDIUM 5.5 OpenClaw before 2026.4.24 contains an insecure file permissions vulnerability in config recovery that restores OpenClaw.json with overly broad permissions. Local attackers on shared hosts can … Jun 16, 2026
CVE-2026-53855 HIGH 8.1 OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters. Attackers can combine allowlisted tools … Jun 16, 2026
CVE-2026-53854 MEDIUM 6.5 OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. … Jun 16, 2026
CVE-2026-53853 HIGH 8.3 OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux … Jun 16, 2026
CVE-2026-53852 MEDIUM 5.4 OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope … Jun 16, 2026
CVE-2026-53851 MEDIUM 5.3 OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended … Jun 16, 2026
CVE-2026-53850 MEDIUM 5.5 OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization … Jun 16, 2026
CVE-2026-53849 HIGH 8.1 OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity using mutable display names instead of immutable user … Jun 16, 2026
CVE-2026-53848 MEDIUM 4.3 OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command … Jun 16, 2026
CVE-2026-53847 MEDIUM 5.4 OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration … Jun 16, 2026
CVE-2026-53846 HIGH 7.1 OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpath configuration used for bundled … Jun 16, 2026
CVE-2026-53845 MEDIUM 4.3 OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this … Jun 16, 2026
CVE-2026-53844 MEDIUM 6.5 OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. … Jun 16, 2026
CVE-2026-53843 HIGH 8.8 OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired … Jun 16, 2026