CVE Reports - DEV Community

CVE Reports

Mar 30

GHSA-46WH-3698-F2CX: CVE-2026-33186: Deny Rule Bypass in Traefik via gRPC-Go Path Canonicalization Flaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 30

GHSA-WPRJ-9CVC-5W37: GHSA-wprj-9cvc-5w37: Unauthenticated Access to Sensitive Data via Missing Authorization in AVideo

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 30

CVE-2026-34245: CVE-2026-34245: Missing Authorization and IDOR in WWBN AVideo PlayLists Plugin

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 29

CVE-2026-34247: CVE-2026-34247: Insecure Direct Object Reference and Information Disclosure in WWBN AVideo

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 29

GHSA-5JVJ-HXMH-6H6J: GHSA-5JVJ-HXMH-6H6J: Authorization Bypass in OpenClaw Gateway HTTP Session History

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 29

GHSA-Q2QC-744P-66R2: GHSA-Q2QC-744P-66R2: OpenClaw session_status Sandbox Bypass via sessionId Resolution

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 29

GHSA-52Q4-3XJC-6778: GHSA-52Q4-3XJC-6778: Authorization Bypass via Mutable Metadata in OpenClaw Google Chat Integration

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 29

GHSA-RHFG-J8JQ-7V2H: GHSA-rhfg-j8jq-7v2h: Server-Side Request Forgery via Unguarded Base URLs in OpenClaw Extensions

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 29

GHSA-3H52-CX59-C456: GHSA-3H52-CX59-C456: Denial of Service via Pre-Authentication JSON Parsing in OpenClaw Feishu Extension

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 29

GHSA-77W2-CRQV-CMV3: GHSA-77W2-CRQV-CMV3: Authorization Bypass via Legacy Card Callbacks in OpenClaw Feishu Integration

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 29

GHSA-H4JX-HJR3-FHGC: GHSA-H4JX-HJR3-FHGC: Privilege Escalation via Synthetic Administrator Scopes in OpenClaw Gateway Plugin Subagent

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 29

GHSA-RF6H-5GPW-QRGQ: GHSA-RF6H-5GPW-QRGQ: Authorization Bypass in OpenClaw Microsoft Teams Extension via Invoke Activities

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 29

GHSA-MF5G-6R6F-GHHM: GHSA-MF5G-6R6F-GHHM: Pre-Authentication Rate-Limit Bypass in OpenClaw Synology Chat Plugin

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 29

GHSA-J4C9-W69R-CW33: GHSA-j4c9-w69r-cw33: Authorization Bypass in OpenClaw Telegram Integration via Inline Button Callbacks

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 29

GHSA-4HMJ-39M8-JWC7: GHSA-4HMJ-39M8-JWC7: ANSI Escape Sequence Injection in OpenClaw ACP Prompts

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 29

GHSA-7FQQ-Q52P-2JJG: GHSA-7FQQ-Q52P-2JJG: Out-of-Bounds Read in OpenCC via Truncated UTF-8 Sequences

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 28

CVE-2026-33044: CVE-2026-33044: Stored Cross-Site Scripting in Home Assistant Map-Card

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 28

CVE-2026-33045: CVE-2026-33045: Stored Cross-Site Scripting in Home Assistant History-Graph Card

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 28

CVE-2026-33433: CVE-2026-33433: Authentication Spoofing via Header Canonicalization Bypass in Traefik Middlewares

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 28

GHSA-H8R8-WCCR-V5F2: GHSA-H8R8-WCCR-V5F2: Mutation-XSS via Re-Contextualization in DOMPurify

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 28

CVE-2026-29905: CVE-2026-29905: Persistent Denial of Service via Malformed Image Upload in Kirby CMS

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 28

GHSA-MVM6-F9R3-FGFX: GHSA-mvm6-f9r3-fgfx: JSON Policy Injection in AWS SDK for .NET CloudFront Signers

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 28

CVE-2026-4926: CVE-2026-4926: Regular Expression Denial of Service in pillarjs path-to-regexp

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 28

CVE-2026-4923: CVE-2026-4923: Regular Expression Denial of Service (ReDoS) in path-to-regexp

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 28

GHSA-9P93-7J67-5PC2: GHSA-9P93-7J67-5PC2: Missing Authorization in OpenClaw Gateway Session Termination

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 28

GHSA-9HJH-FR4F-GXC4: GHSA-9HJH-FR4F-GXC4: Privilege Escalation via WebSocket Reconnect in OpenClaw Gateway

#security #cve #cybersecurity #ghsa

1 min read

CVE Reports

Mar 28

GHSA-FQW4-MPH7-2VR8: GHSA-FQW4-MPH7-2VR8: OpenClaw Gateway Silent Privilege Escalation via Shared-Auth Reconnect

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 28

GHSA-XQ8G-HGH6-87HV: GHSA-xq8g-hgh6-87hv: Missing Rate Limiting in OpenClaw BlueBubbles Webhook Enables Brute-Force Attacks

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 28

GHSA-9WQX-G2CW-VC7R: GHSA-9WQX-G2CW-VC7R: Authorization Bypass in OpenClaw Matrix Verification Router

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 28

GHSA-MW7W-G3MG-XQM7: GHSA-MW7W-G3MG-XQM7: Authorization Bypass in OpenClaw BlueBubbles Extension via Unfiltered Reactions

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 27

GHSA-VCX4-4QXG-MFP4: GHSA-VCX4-4QXG-MFP4: Missing Rate Limiting in OpenClaw Telegram Webhook Authentication

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 27

GHSA-QM2M-28PF-HGJW: GHSA-QM2M-28PF-HGJW: Privilege Escalation via Incorrect Scope Assignment in OpenClaw Gateway Plugin

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 27

GHSA-443W-3RQ3-5M5H: GHSA-443w-3rq3-5m5h: Policy Injection via Improper Input Escaping in AWS SDK for Java v2 CloudFront Utilities

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 27

CVE-2026-32241: CVE-2026-32241: Command Injection in Flannel Experimental Extension Backend

#security #cve #cybersecurity

1

2 min read

CVE Reports

Mar 27

CVE-2026-33942: CVE-2026-33942: Insecure Deserialization to RCE in Saloon PHP

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 27

CVE-2026-26061: CVE-2026-26061: Unauthenticated Denial of Service via Unbounded Memory Allocation in Fleet

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 27

CVE-2026-32695: CVE-2026-32695: Ingress Rule Injection and Host Restriction Bypass in Traefik

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 27

GHSA-89V5-38XR-9M4J: GHSA-89V5-38XR-9M4J: Multiple Server-Side Request Forgery (SSRF) Vectors in Postiz

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 27

CVE-2026-28786: CVE-2026-28786: Path Traversal and Information Disclosure in Open WebUI Audio Transcriptions

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 27

GHSA-CFP9-W5V9-3Q4H: GHSA-CFP9-W5V9-3Q4H: Filesystem Sandbox Bypass in OpenClaw Agent Media Tools

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 27

GHSA-7XR2-Q9VF-X4R5: GHSA-7XR2-Q9VF-X4R5: Symlink Traversal via IDENTITY.md in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 27

GHSA-HFF2-GCPX-8F4P: GHSA-HFF2-GCPX-8F4P: Apollo Router Core XS-Search Bypass via Read-Only CSRF

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 27

GHSA-6P22-Q7W5-33PG: CVE-2026-25969: Local Denial of Service via Memory Leak in ImageMagick ASHLAR Coder

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 27

GHSA-9R56-3GJQ-HQF7: GHSA-9R56-3GJQ-HQF7: Memory Leak in ImageMagick META Reader Error Path

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 27

GHSA-2J22-PR5W-6GQ8: GHSA-2j22-pr5w-6gq8: Cross-Site Scripting Filter Bypass in Loofah allowed_uri?

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 27

GHSA-PRH4-VHFH-24MJ: GHSA-PRH4-VHFH-24MJ: Information Exposure in Harbor Configuration Audit Logs

#security #cve #cybersecurity #ghsa

1

2 min read

CVE Reports

Mar 27

GHSA-C7W3-X93F-QMM8: GHSA-C7W3-X93F-QMM8: SMTP Command Injection in Nodemailer via CRLF Sequences

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 26

GHSA-WCJX-V2WJ-XG87: GHSA-WCJX-V2WJ-XG87: Denial of Service via Uncontrolled Recursion in pyasn1

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 26

GHSA-9Q82-XGWF-VJ6H: GHSA-9Q82-XGWF-VJ6H: XS-Search and CSRF Prevention Bypass in Apollo Server

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 26

GHSA-PW7H-9G6P-C378: GHSA-pw7h-9g6p-c378: Authorization Bypass and Resource Exhaustion in OpenClaw Tlon Provider

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 26

GHSA-RM59-992W-X2MV: GHSA-RM59-992W-X2MV: Unauthenticated Resource Exhaustion and DoS in OpenClaw Voice Webhooks

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 26

GHSA-48VW-M3QC-WR99: GHSA-48VW-M3QC-WR99: Improper Privilege Management in OpenClaw Gateway Trusted-Proxy Sessions

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 26

GHSA-39PP-XP36-Q6MG: GHSA-39pp-xp36-q6mg: Remote Code Execution via Environment Variable Injection in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 26

GHSA-WQ58-2PVG-5H4F: GHSA-WQ58-2PVG-5H4F: Improper Authorization and Privilege Escalation in OpenClaw Gateway Agent RPC

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 26

GHSA-2PV8-4C52-MF8J: GHSA-2PV8-4C52-MF8J: Instance-Wide Data Breach via Auth Bypass and IDOR Chain in Vikunja

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 26

CVE-2026-32746: CVE-2026-32746: Pre-Authentication Remote Code Execution via BSS Overflow in GNU Inetutils telnetd

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 26

CVE-2026-33675: CVE-2026-33675: Server-Side Request Forgery (SSRF) in Vikunja Task Migration

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 26

CVE-2026-33676: CVE-2026-33676: Cross-Project Information Disclosure in Vikunja API

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 26

CVE-2026-33677: CVE-2026-33677: Plaintext Credential Exposure in Vikunja Webhook API

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 26

CVE-2026-33678: CVE-2026-33678: Insecure Direct Object Reference in Vikunja Task Attachments

#security #cve #cybersecurity

2 min read

One Year Club