
CVE Vulnerabilities - 3 March 2026


282 vulnerabilities published on 3 March 2026

Severity (score shown after each entry):
Samsung Exynos Processors: Denial of Service via Bootup Input
CVE-2025-62816
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4L_VERTEXIOC_BOOTUP input leads...
5.5
Samsung Exynos Processors Crashed by Certain System Commands
CVE-2025-62815
An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_re...
5.5
OpenClaw Exposes Local Files via Symlink Attack
GHSA-rx3g-mvc3-qfjf
Summary: OpenClaw avatar handling allowed a symlink traversal path that could expose local files outside an agent workspace through gateway avatar ...
5.5
OpenClaw Node Role Device Bypass Allows Unauthorized Node Events
GHSA-rv2q-f2h5-6xmg
Summary: A client authenticated with a shared gateway token could connect as `role=node` without device identity/pairing, then call `node.event` to...
5.4
HomeBox Allows Malicious Attachments to Execute Code
CVE-2026-26272
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting (XSS) vulnerability exists in the item attach...
5.4
Dify's Chat Diagrams Can Let Hackers Run Malicious Code
CVE-2026-21866
Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within ...
5.1
NocoDB: Stored Cross-Site Scripting Risk in Rich Text Cells
CVE-2026-28401 GHSA-wwp2-x4rj-j8rm
Summary: Rich text cell content rendered via `v-html` without sanitization, enabling stored XSS. Details: Rich text in `TextArea.vue` was parse...
7.5
NocoDB Comments Can Execute Malicious Scripts
CVE-2026-28397 GHSA-rcph-x7mj-54mm
Summary: Comments rendered via `v-html` without sanitization, enabling stored XSS. Details: Comments in `Comments.vue` were parsed by markdown-...
5.3
NocoDB: Malicious Code Can Run on Any User's Browser
CVE-2026-28398 GHSA-8vm4-g489-v3w7
Summary: User-controlled content in comments and rich text cells was rendered via `v-html` without sanitization, enabling stored XSS. Details: ...
5.3
IBM Engineering Requirements Management DOORS Next 7.1 and 7.2 permissions bypass
CVE-2025-13734
IBM Engineering Requirements Management DOORS Next 7.1 and 7.2 could allow an authenticated user to view and edit data beyond their authorized access...
5.4
OpenClaw's Zalo plugin allows unauthorized group messages
GHSA-534w-2vm4-89xr
A missing group-sender authorization check in the Zalo plugin allowed unauthorized `GROUP` messages to enter agent dispatch paths in configurations in...
5.3
OpenClaw: Unauthorized Access to Tools via Sender Identity Collision
GHSA-wpph-cjgr-7c39
Summary: `channels.*.groups.*.toolsBySender` could match a privileged sender policy using a colliding mutable identity value (for example `senderNa...
5.3
OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks
GHSA-792q-qw95-f446
Summary: In a narrow Signal reaction-notification path, reaction-only inbound events could enqueue a status event before sender access checks were ...
5.3
Nextcloud Talk webhooks can be replayed, causing duplicate actions
GHSA-r9q5-c7qc-p26w
Summary: When Nextcloud Talk webhook signing was valid, replayed requests could be accepted without durable replay suppression, allowing duplicate ...
5.3
OpenClaw's Synology Chat Plugin Allows Unauthorized Access
GHSA-gw85-xp4q-5gp9
Summary: In `openclaw` versions `2026.2.22` and `2026.2.23`, the optional `synology-chat` channel plugin had an authorization fail-open condition: ...
5.3
OpenClaw Allows Unauthorized Users to Send Messages
GHSA-25pw-4h6w-qwvm
Summary: In `[email protected]`, BlueBubbles group authorization could incorrectly treat DM pairing-store identities as group allowlist identities...
5.3
OpenClaw Session Export HTML Viewer Allows Malicious Code Execution
GHSA-r294-2894-92j3
Summary: The exported session HTML viewer allowed stored XSS when untrusted session content included raw HTML markdown tokens or unescaped metadata...
5.3
OpenClaw Feishu Authorization Bypass via Display Name Collision
GHSA-j4xf-96qf-rx69
Summary: Feishu allowlist authorization could be bypassed by display-name collision. Details: `channels.feishu.allowFrom` is documented as an...
5.3
OpenClaw: Untrusted Environment Variables Can Be Executed
GHSA-5h2c-8v84-qpvr
Summary: OpenClaw shell-env fallback trusted startup environment values and could execute attacker-influenced login-shell startup paths before load...
5.3
OpenClaw 2026.2.22-2026.2.24 allows unauthorized access to admin privileges
GHSA-553v-f69r-656j
Summary: A client using shared gateway auth could attach an unpaired device identity and request elevated operator scopes (including `operator.admi...
5.3
MS Teams Integration in OpenClaw Allows Unauthorized File Access
GHSA-j26j-7qc4-3mrf
Summary: In `openclaw` MS Teams file-consent flow, pending uploads were authorized by `uploadId` alone. `fileConsent/invoke` did not verify the inv...
5.3
OpenClaw allows attackers to intercept iMessage attachments
GHSA-2mc2-g238-722j
Summary: Remote iMessage attachment fetches used SCP with trust-on-first-use host-key behavior and accepted unvalidated remote host tokens. Before...
5.3
OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups
GHSA-354r-7mfh-7rh2
Summary: In OpenClaw `<= 2026.2.24`, Discord direct-message reaction notifications did not consistently apply the same DM authorization checks (`dm...
5.3
OpenClaw: Writes outside intended folders in browser outputs
GHSA-3pxq-f3cp-jmxp
Summary: A path-confinement bypass in browser output handling allowed writes outside intended roots in `openclaw` versions up to and including `202...
5.3
IBM InfoSphere Information Server writes sensitive data to logs
CVE-2026-1265
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive information in a log file....
5.3