CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.


© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

GHSA-HR5V-J9H9-XJHG: Sandbox Bypass and Arbitrary File Exfiltration in OpenClaw
GHSA-HR5V-J9H9-XJHG • Severity 7.7 • Alon Barad • 41 minutes ago • 0 views • 6 min read

OpenClaw prior to version 2026.3.24 contains a high-severity path traversal vulnerability (CWE-22) within its outbound media handling logic. By leveraging unnormalized parameter aliases, sandboxed agents can bypass filesystem isolation to read and exfiltrate arbitrary files from the host system.
CVE-2026-34368: TOCTOU Race Condition in WWBN AVideo YPTWallet Plugin
CVE-2026-34368 • Severity 5.3 • Alon Barad • about 1 hour ago • 0 views • 6 min read

WWBN AVideo versions up to and including 26.0 suffer from a Time-of-Check-Time-of-Use (TOCTOU) race condition in the YPTWallet plugin's transfer logic. This vulnerability allows authenticated users to bypass balance checks via concurrent requests, enabling unauthorized financial transfers. The flaw is compounded by a secondary vulnerability that permits captcha token reuse.
CVE-2025-53521: Unauthenticated Remote Code Execution in F5 BIG-IP APM
CVE-2025-53521 • Severity 9.8 • Alon Barad • about 6 hours ago • 7 views • 5 min read

CVE-2025-53521 is a critical vulnerability in the F5 BIG-IP Access Policy Manager (APM) that permits unauthenticated, remote attackers to achieve Remote Code Execution (RCE) or Denial of Service (DoS). The flaw exists in the Traffic Management Microkernel (TMM) process, which fails to appropriately throttle or limit resource allocation when handling specific malicious traffic directed at active APM policies.
GHSA-C279-989M-238F: Nil Pointer Dereference in Sliver C2 Reverse Tunnel Handler
GHSA-C279-989M-238F • Severity 6.9 • Amit Schendel • about 9 hours ago • 4 views • 6 min read

A Nil Pointer Dereference vulnerability exists in the Sliver adversary emulation framework, specifically within the `tunnelCloseHandler` function. Authenticated operators or active implants can trigger a goroutine panic by attempting to close a reverse tunnel. This results in a localized denial-of-service condition and subsequent resource leakage.
CVE-2026-33186: Deny Rule Bypass in Traefik via gRPC-Go Path Canonicalization Flaw
GHSA-46WH-3698-F2CX • Severity 9.3 • Alon Barad • about 18 hours ago • 9 views • 6 min read

A critical authorization bypass vulnerability exists in Traefik due to improper path normalization in its underlying gRPC-Go dependency (CVE-2026-33186). Unauthenticated attackers can bypass configured deny rules by sending maliciously crafted gRPC requests over HTTP/2 that omit the mandatory leading slash in the :path pseudo-header. This canonicalization mismatch allows unauthorized access to protected services.
GHSA-wprj-9cvc-5w37: Unauthenticated Access to Sensitive Data via Missing Authorization in AVideo
GHSA-WPRJ-9CVC-5W37 • Severity 7.5 • Amit Schendel • about 19 hours ago • 6 views • 5 min read

WWBN AVideo versions up to and including 26.0 suffer from a systematic authorization failure (CWE-862). Unauthenticated attackers can query multiple JSON endpoints across various plugins to extract sensitive system, financial, and user data. The vulnerability resides in the omission of access control checks within data table listing scripts.
CVE-2026-34245: Missing Authorization and IDOR in WWBN AVideo PlayLists Plugin
CVE-2026-34245 • Severity 6.3 • Alon Barad • about 19 hours ago • 7 views • 7 min read

WWBN AVideo versions 26.0 and prior suffer from a missing authorization vulnerability within the PlayLists plugin. The add.json.php endpoint fails to validate whether an authenticated user possesses management rights over target playlist schedules. This oversight allows low-privileged attackers with basic streaming permissions to forge schedule entries, leading to unauthorized cross-user broadcast hijacking and stream disruption.
CVE-2026-34247: Insecure Direct Object Reference and Information Disclosure in WWBN AVideo
CVE-2026-34247 • Severity 5.4 • Amit Schendel • about 20 hours ago • 7 views • 7 min read

WWBN AVideo versions up to and including 26.0 suffer from a Missing Authorization (IDOR) vulnerability in the plugin/Live/uploadPoster.php endpoint. An authenticated attacker can overwrite the poster image of any scheduled live stream. Furthermore, the exploitation triggers a WebSocket broadcast that leaks the victim's private broadcast key and user ID to all connected clients.
GHSA-5JVJ-HXMH-6H6J: Authorization Bypass in OpenClaw Gateway HTTP Session History
GHSA-5JVJ-HXMH-6H6J • Severity 5.3 • Amit Schendel • about 20 hours ago • 7 views • 5 min read

The OpenClaw Gateway HTTP API contains an incorrect authorization implementation that fails to enforce operator read scopes on the session history route. This flaw allows users with low-privileged authentication tokens to read sensitive chat transcripts that should be restricted to operators with explicit read permissions.
GHSA-Q2QC-744P-66R2: OpenClaw session_status Sandbox Bypass via sessionId Resolution
GHSA-Q2QC-744P-66R2 • Severity 6.5 • Alon Barad • about 21 hours ago • 4 views • 5 min read

The OpenClaw AI personal assistant framework contains an authorization bypass in the `session_status` tool. A logic flaw in input resolution allows sandboxed subagents to query the status of parent or sibling sessions, circumventing intended visibility restrictions.
GHSA-52Q4-3XJC-6778: Authorization Bypass via Mutable Metadata in OpenClaw Google Chat Integration
GHSA-52Q4-3XJC-6778 • Severity 8.1 • Alon Barad • about 21 hours ago • 6 views • 5 min read

OpenClaw versions prior to 2026.3.25 suffer from an authorization bypass vulnerability in the Google Chat integration. The flaw occurs due to reliance on mutable room names for policy enforcement, allowing unprivileged users to escalate privileges by renaming chat spaces.
GHSA-rhfg-j8jq-7v2h: Server-Side Request Forgery via Unguarded Base URLs in OpenClaw Extensions
GHSA-RHFG-J8JQ-7V2H • Severity 7.2 • Alon Barad • about 22 hours ago • 7 views • 6 min read

OpenClaw versions prior to 2026.3.26 suffer from a high-severity Server-Side Request Forgery (SSRF) vulnerability. The application fails to apply strict URL validation and DNS pinning mechanisms across multiple channel extensions, allowing users with configuration access to target internal network services.

Automated vulnerability intelligence. 1,303+ reports.