Vulnerabilities
Recent vulnerabilities
Recent vulnerabilities from
Select from 78 available sources using the dropdown above.
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-rw46-qg69-vg6h |
5.3 (4.0)
|
Kimai: ExportTemplate CRUD Missing Authorization Check Allows Unauthorized TEAMLEAD Access | 2026-07-14T00:34:03Z | 2026-07-14T00:34:03Z |
| ghsa-v8hx-4vx8-wc96 |
7.1 (4.0)
|
Kimai: Pre-2FA KIMAI_SESSION cookie grants full authenticated REST API access, bypassing TOTP | 2026-07-14T00:33:39Z | 2026-07-14T00:33:39Z |
| ghsa-m7mf-xqv5-gg8f |
4.3 (3.1)
2.1 (4.0)
|
A vulnerability was detected in tanstack db up to 0.6.8. Affected by this vulnerability is the func… | 2026-07-14T00:31:04Z | 2026-07-14T00:31:05Z |
| ghsa-crh7-2j46-hqrj |
|
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long cert… | 2026-07-14T00:31:05Z | 2026-07-14T00:31:05Z |
| ghsa-cfx5-q5qm-x936 |
8.8 (3.1)
8.7 (4.0)
|
Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API (/system/buckets… | 2026-07-14T00:31:05Z | 2026-07-14T00:31:05Z |
| ghsa-9fwc-2x22-7m65 |
6.3 (3.1)
2.1 (4.0)
|
A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the fu… | 2026-07-14T00:31:05Z | 2026-07-14T00:31:05Z |
| ghsa-8wqq-45fp-2xmp |
|
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer derefe… | 2026-07-14T00:31:05Z | 2026-07-14T00:31:05Z |
| ghsa-5293-6wqf-75gr |
6.3 (3.1)
2.1 (4.0)
|
A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the functio… | 2026-07-14T00:31:05Z | 2026-07-14T00:31:05Z |
| ghsa-xjwv-xjj9-gqqc |
7.5 (3.1)
8.7 (4.0)
|
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that… | 2026-07-14T00:31:04Z | 2026-07-14T00:31:04Z |
| ghsa-w9r7-4gwr-j959 |
6.6 (3.1)
5.3 (4.0)
|
FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerabilit… | 2026-07-14T00:31:04Z | 2026-07-14T00:31:04Z |
| ghsa-rqg5-28vh-5645 |
8.8 (3.1)
8.7 (4.0)
|
OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin … | 2026-07-14T00:31:04Z | 2026-07-14T00:31:04Z |
| ghsa-q932-85w6-fmxr |
8.3 (3.1)
8.7 (4.0)
|
OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where Wha… | 2026-07-14T00:31:04Z | 2026-07-14T00:31:04Z |
| ghsa-mr4r-hcgx-8p4h |
7.4 (3.1)
8.3 (4.0)
|
CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validate_url funct… | 2026-07-14T00:31:04Z | 2026-07-14T00:31:04Z |
| ghsa-jw7v-5mp7-ghgm |
8.5 (3.1)
6.3 (4.0)
|
OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accep… | 2026-07-14T00:31:04Z | 2026-07-14T00:31:04Z |
| ghsa-jfxm-h5m6-27f9 |
4.3 (3.1)
5.3 (4.0)
|
OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native… | 2026-07-14T00:31:04Z | 2026-07-14T00:31:04Z |
| ghsa-j4h2-3wwr-928r |
8.6 (3.1)
7.7 (4.0)
|
Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that all… | 2026-07-14T00:31:04Z | 2026-07-14T00:31:04Z |
| ghsa-hq6h-q7pr-4qqv |
3.1 (3.1)
2.3 (4.0)
|
A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactM… | 2026-07-14T00:31:04Z | 2026-07-14T00:31:04Z |
| ghsa-h7rf-pv8c-84mg |
8.8 (3.1)
8.7 (4.0)
|
OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allo… | 2026-07-14T00:31:04Z | 2026-07-14T00:31:04Z |
| ghsa-fjpv-pfvg-c462 |
8.8 (3.1)
8.7 (4.0)
|
Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API (/system/… | 2026-07-14T00:31:04Z | 2026-07-14T00:31:04Z |
| ghsa-7gvh-h32g-9cfw |
9.1 (3.1)
9.3 (4.0)
|
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that… | 2026-07-14T00:31:04Z | 2026-07-14T00:31:04Z |
| ghsa-68pw-c734-2rr2 |
8.8 (3.1)
8.7 (4.0)
|
OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss i… | 2026-07-14T00:31:04Z | 2026-07-14T00:31:04Z |
| ghsa-5pr8-xjq5-2wrc |
8.3 (3.1)
8.7 (4.0)
|
OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MC… | 2026-07-14T00:31:04Z | 2026-07-14T00:31:04Z |
| ghsa-wg67-843q-9p4v |
7.1 (3.1)
7.1 (4.0)
|
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message… | 2026-07-14T00:31:03Z | 2026-07-14T00:31:03Z |
| ghsa-wfxc-2q5g-mm98 |
4.9 (3.1)
6.9 (4.0)
|
OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers t… | 2026-07-14T00:31:03Z | 2026-07-14T00:31:03Z |
| ghsa-w4jg-w96x-q3wh |
7.5 (3.1)
8.7 (4.0)
|
PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpo… | 2026-07-14T00:31:03Z | 2026-07-14T00:31:03Z |
| ghsa-vgjq-7pq9-cvwp |
7.1 (3.1)
7.6 (4.0)
|
OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feat… | 2026-07-14T00:31:03Z | 2026-07-14T00:31:03Z |
| ghsa-qhh8-mfpm-5j6c |
7.6 (3.1)
7.2 (4.0)
|
OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatibl… | 2026-07-14T00:31:03Z | 2026-07-14T00:31:03Z |
| ghsa-mm88-h44m-w2gp |
8.1 (3.1)
8.6 (4.0)
|
OpenClaw Feishu tools (npm package @openclaw/feishu) in versions <= 2026.6.6 could ignore per-accou… | 2026-07-14T00:31:03Z | 2026-07-14T00:31:03Z |
| ghsa-j48q-3j3c-39fr |
8.1 (3.1)
7.2 (4.0)
|
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord… | 2026-07-14T00:31:03Z | 2026-07-14T00:31:03Z |
| ghsa-gqfx-xr3c-xq42 |
8.1 (3.1)
8.6 (4.0)
|
OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerab… | 2026-07-14T00:31:03Z | 2026-07-14T00:31:03Z |