CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
OpenClaw before version 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens.
OpenClaw before version 2026.5.18 contains a provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway.
OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agents incorrectly receive owner-scoped MCP loopback authority. Attackers with a valid hook token can exploit the /hooks/agent endpoint to access owner-only MCP tools.
OpenClaw before version 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts from unintended local locations, potentially executing malicious code or accessing sensitive data.
OpenClaw before version 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger navigation to private-network targets via action-triggered redirects and subsequently read restricted page content using browser evaluation capabilities.
OpenClaw before version 2026.5.7 contains a privilege escalation vulnerability in the allowFrom feature in Matrix, allowing authenticated accounts to match policy entries through mutable display name metadata. Attackers who can change display names may gain agent access intended for another Matrix identity.
OpenClaw before version 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points, bypassing security scanning.
OpenClaw before version 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied, triggering command behavior outside configured Telegram sender restrictions.
OpenClaw before version 2026.5.12 contains a shell option parsing vulnerability that allows bypassing exec revalidation checks. Attackers can exploit this vulnerability to execute unauthorized commands.
Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint, with no authentication required to retrieve still images from the camera feed.
Brickcom cameras ship with default credentials that allow any unauthenticated remote attacker to silently access camera feeds.
The vulnerability in Summarize before version 0.17.0 allows attackers controlling a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying malicious podcast:transcript URL values.
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table.
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepted any file type without validation, allowing SVG files with embedded JavaScript to be uploaded.
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations.
In Vim prior to version 9.2.0597, the Python omni-completion feature executes reconstructed function and class definitions from the current buffer using exec(). Python evaluates default argument values, parameter annotations, and class base expressions at definition time, allowing a malicious buffer to execute attacker-controlled Python expressions during omni-completion. The existing g:pythoncomplete_allow_import mitigation does not cover this path because the attacker-controlled code is not a harvested import/from statement.
In Vim, prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copied the visible terminal screen into the scrollback buffer, which could lead to out-of-bounds array access. As a result, a program rendered inside a :terminal window could trigger a crash.
Vim prior to version 9.2.0561 has a security issue related to executing code from malicious .py files when using Python's omni-completion feature. As a result, malicious code can be run in the context of the editing user.
KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes fields of patchNotesData.json. These inputs are interpolated unsanitized into a child_process.execSync() call in the release.yml workflow.
Quest Bot is a modern Discord bot that prior to version 1.0.5 had a vulnerability in the AutoMod feature, allowing the removal of rules without verifying their association with the server. A user could identify the victim guild's AutoMod rule ID and remove it from another guild where they had Manage Server permissions.

