Permalink CVE-2026-3849

created 2 months, 3 weeks ago Activity log

• Created suggestion 2 months, 3 weeks ago

Buffer Overflow in HPKE via Oversized ECH Config

• https://github.com/wolfSSL/wolfssl/pull/9737

---

wolfSSL

• =<v5.8.4-stable

Permalink CVE-2026-32018

3.6 LOW

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): High (H)
• Privileges Required (PR): Low (L)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): Low (L)
• Availability (A): Low (L)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): High (H)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): Low (L)
• Modified Availability (MA): Low (L)

created 2 months, 3 weeks ago Activity log

• Created suggestion 2 months, 3 weeks ago

OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations

• GitHub Security Advisory (GHSA-gq83-8q7q-9hfx) third-party-advisory
• Patch Commit patch
• VulnCheck Advisory: OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations third-party-advisory

---

OpenClaw

• <2026.2.19
• ==2026.2.19

Permalink CVE-2026-27570

created 2 months, 3 weeks ago Activity log

• Created suggestion 2 months, 3 weeks ago

Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox

• https://github.com/discourse/discourse/security/advisories/GHSA-hfxw-89hw-vwmv x_refsource_CONFIRM
• https://github.com/discourse/discourse/commit/43a5a60b595f0120e6adfc131f2408508fe341f1 x_refsource_MISC
• https://github.com/discourse/discourse/commit/c14f8f52b7999328bd9f8665f2ecfa24dadc4bf1 x_refsource_MISC
• https://github.com/discourse/discourse/commit/f2aafa5c7467c94fcd4ebd36785a98e77ca088cc x_refsource_MISC

---

discourse

• ==>= 2026.1.0-latest, < 2026.1.2
• === 2026.3.0-latest
• ==>= 2026.2.0-latest, < 2026.2.1

Permalink CVE-2026-4159

created 2 months, 3 weeks ago Activity log

• Created suggestion 2 months, 3 weeks ago

wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read

• https://github.com/wolfSSL/wolfssl/pull/9945

---

wolfSSL

• <5.9.0

Permalink CVE-2026-32032

7.0 HIGH

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): High (H)
• Privileges Required (PR): Low (L)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): High (H)
• Integrity (I): High (H)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): High (H)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): High (H)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): High (H)
• Modified Availability (MA): High (H)

created 2 months, 3 weeks ago Activity log

• Created suggestion 2 months, 3 weeks ago

OpenClaw < 2026.2.22 - Arbitrary Shell Execution via Unvalidated SHELL Environment Variable

• GitHub Security Advisory (GHSA-f8mp-vj46-cq8v) third-party-advisory
• Patch Commit patch
• VulnCheck Advisory: OpenClaw < 2026.2.22 - Arbitrary Shell Execution via Unvalidated SHELL Environment Variable third-party-advisory

---

OpenClaw

• ==2026.2.22
• <2026.2.22

Permalink CVE-2026-32005

6.8 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): High (H)
• Privileges Required (PR): Low (L)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): High (H)
• Integrity (I): High (H)
• Availability (A): None (N)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): High (H)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): High (H)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): High (H)
• Modified Availability (MA): None (N)

created 2 months, 3 weeks ago Activity log

• Created suggestion 2 months, 3 weeks ago

OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip

• GitHub Security Advisory (GHSA-x2ff-j5c2-ggpr) third-party-advisory
• Patch Commit patch
• VulnCheck Advisory: OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip third-party-advisory

---

OpenClaw

• ==2026.2.25
• <2026.2.25

Permalink CVE-2026-27936

created 2 months, 3 weeks ago Activity log

• Created suggestion 2 months, 3 weeks ago

Discourse discloses restricted post-action counts to non-privileged users

• https://github.com/discourse/discourse/security/advisories/GHSA-v9r3-p863-6f25 x_refsource_CONFIRM

---

discourse

• ==>= 2026.1.0-latest, < 2026.1.2
• === 2026.3.0-latest
• ==>= 2026.2.0-latest, < 2026.2.1

Permalink CVE-2026-32024

5.5 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): Low (L)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): High (H)
• Integrity (I): None (N)
• Availability (A): None (N)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): High (H)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): None (N)

created 2 months, 3 weeks ago Activity log

• Created suggestion 2 months, 3 weeks ago

OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling

• GitHub Security Advisory (GHSA-rx3g-mvc3-qfjf) third-party-advisory
• Patch Commit #1 patch
• Patch Commit #2 patch
• VulnCheck Advisory: OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling third-party-advisory

---

OpenClaw

• ==2026.2.22
• <2026.2.22

Permalink CVE-2026-32038

9.8 CRITICAL

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): High (H)
• Integrity (I): High (H)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): High (H)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): High (H)
• Modified Availability (MA): High (H)

created 2 months, 3 weeks ago Activity log

• Created suggestion 2 months, 3 weeks ago

OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter

• GHSA Advisory GHSA-ww6v-v748-x7g9 third-party-advisory
• VulnCheck Advisory: OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter third-party-advisory

---

OpenClaw

• ==2026.2.24
• <2026.2.24

Permalink CVE-2026-33410

5.4 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): Low (L)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): Low (L)
• Integrity (I): Low (L)
• Availability (A): None (N)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): Low (L)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): Low (L)
• Modified Availability (MA): None (N)

created 2 months, 3 weeks ago Activity log

• Created suggestion 2 months, 3 weeks ago

Discourse hardens chat DM channel creation and expansion

• https://github.com/discourse/discourse/security/advisories/GHSA-2m5j-6v2r-cq2h x_refsource_CONFIRM

---

discourse

• ==>= 2026.1.0-latest, < 2026.1.2
• === 2026.3.0-latest
• ==>= 2026.2.0-latest, < 2026.2.1