|
2111
|
7.7 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media ref…
|
CWE-184
Incomplete Blacklist
|
CVE-2026-43532
|
2026-05-7 10:54 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2112
|
8.6 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers …
|
CWE-23
Relative Path Traversal
|
CVE-2026-43533
|
2026-05-7 10:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2113
|
9.8 |
CRITICAL
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate …
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-43534
|
2026-05-7 10:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2114
|
9.8 |
CRITICAL
Network
|
openclaw
|
openclaw
|
OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can expl…
|
CWE-184
Incomplete Blacklist
|
CVE-2026-43566
|
2026-05-7 10:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2115
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screen_record tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifyin…
|
CWE-862
Missing Authorization
|
CVE-2026-43567
|
2026-05-7 10:52 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2116
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to modify persistent memory dreaming settings. Attackers with write-scoped gat…
|
CWE-862
Missing Authorization
|
CVE-2026-43568
|
2026-05-7 10:52 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2117
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shado…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-43569
|
2026-05-7 10:52 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2118
|
4.3 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A vulnerability was determined in Open5GS up to 2.7.7. The impacted element is the function amf_nudm_sdm_handle_provisioned of the file /src/amf/nudm-handler.c of the component AMF. Executing a manip…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7585
|
2026-05-7 10:47 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2119
|
4.3 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A weakness has been identified in Open5GS up to 2.7.7. Affected is the function ogs_id_get_value of the file /src/amf/nudm-handler.c of the component AMF. This manipulation causes denial of service. …
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7586
|
2026-05-7 10:47 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2120
|
4.3 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A vulnerability has been found in Open5GS up to 2.7.7. This vulnerability affects the function amf_nsmf_pdusession_handle_update_sm_context of the file /src/amf/nsmf-handler.c of the component AMF. T…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7587
|
2026-05-7 10:47 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
