CVE Vulnerabilities - 18 March 2026
58 vulnerabilities published on 18 March 2026
LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PD...
CVE-2026-27894
8.8
Roxy-WI Prior to 8.2.6.3: Hackers Can Run Commands on Your Server
CVE-2026-27811
A security weakness in Roxy-WI's web interface before version 8.2.6.3 lets attackers who are already logged in to the system run any system commands on the server. This is a serious issue because it c...
8.8
ONNX Model Downloads Can Be Hacked Without Warning
GHSA-hqmj-h5c6-369m
CVE-2026-28500
A security flaw in ONNX allows hackers to trick users into downloading and running malicious models from untrusted sources without any warnings. This can lead to sensitive information being stolen fro...
8.6
OpenClaw Feishu Media Download Can Write Files Outside of Safe Location
GHSA-vj3g-5px3-gr46
CVE-2026-22171
OpenClaw's Feishu media download feature can allow an attacker to write files to any location on the server by manipulating the Feishu media key. This is a security risk because it could allow an atta...
8.8
OpenClaw allows attackers to write files outside its temp directory
GHSA-vj3g-5px3-gr46
OpenClaw, a software package, has a security issue that could allow an attacker to write files outside the intended temporary directory. This is a problem because an attacker could potentially write m...
8.8
Keycloak SAML Authentication Bypass by External Identity Provider
CVE-2026-2603
A security issue in Keycloak allows an attacker to bypass security controls and authenticate with a disabled SAML Identity Provider. This could lead to unauthorized access to your system. To protect y...
8.1
Keycloak: Unauthorized Access via Malicious SAML Response
CVE-2026-2092
Keycloak's SAML feature has a flaw that allows an attacker to create a fake SAML response, potentially gaining unauthorized access to your system. This could lead to sensitive information being disclo...
7.7
xiaoheiFS Admins Can Run Any File on Their Servers
CVE-2026-28674
A security weakness in xiaoheiFS versions up to 0.3.15 lets system administrators upload and run any file on their servers. This could allow an attacker to take control of the server. Update to versio...
7.2
xiaoheiFS: Malicious zip file execution in plugin upload
CVE-2026-28673
An attacker can upload a specially crafted zip file to execute arbitrary code on the server, potentially allowing them to take control of the system. This affects all versions of xiaoheiFS up to 0.3.1...
7.2
pyOpenSSL DTLS Cookie Overflow Risk: Large Cookie Values Crash Application
GHSA-5pwr-322w-8jr4
CVE-2026-27459
A bug in pyOpenSSL could cause a crash if a server is given a very long cookie value. This has been fixed by pyOpenSSL's developers, so you should update to the latest version to stay safe.
7.2
OpenClaw Allows Execution of Unauthorized Code Through Shell Wrappers
GHSA-gwqp-86q6-w47g
A security issue in OpenClaw could allow unauthorized code to be executed, even if you've restricted certain actions. This happens because OpenClaw doesn't properly check some types of shell wrappers....
7.1
OpenClaw Approval Bypass Using Shell Wrappers
GHSA-gwqp-86q6-w47g
CVE-2026-22175
OpenClaw's approval system can be tricked into allowing unauthorized access. If an attacker uses a specific type of shell wrapper, they can bypass the approval process, even if they shouldn't be allow...
7.1
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non-sanitized user input can lead to an SQL injection from ...
CVE-2026-26001
7.1
Kanboard User Invite Registration Allows Unauthorized Admin Creation
CVE-2026-29056
Kanboard's user invite registration process allowed attackers to create admin accounts by manipulating the registration form. This vulnerability has been fixed in version 1.2.51. Update to the latest ...
7.0
LeafKit may display unescaped data, allowing malicious scripts to run
GHSA-6jj5-j4j8-8473
CVE-2026-28499
LeafKit's data display feature can be bypassed, allowing hackers to inject malicious code. This can happen when displaying collections of data. To fix this, update LeafKit to the latest version or app...
6.9
Next.js: Unbounded image cache can fill up your disk space
GHSA-3x4c-7xq6-9pq8
CVE-2026-27980
An attacker can create many optimized images and fill up your disk space, causing your website to become unavailable. To fix this, update to the latest version of Next.js, or if you can't update right...
6.9
Next.js: Large File Uploads Can Crash Server
GHSA-h27x-g6w4-24gq
CVE-2026-27979
Some Next.js servers can crash if an attacker sends a very large file, causing the server to run out of memory. This is because Next.js doesn't always check the size of large file uploads. To protect ...
6.9
OpenClaw on macOS Can Execute Unlisted Commands
GHSA-9p38-94jf-hgjj
CVE-2026-22179
OpenClaw on macOS can execute unintended commands on the node host if you're using the allowlist mode. This can happen if you have a benign executable in your allowlist, but it's used in a way that al...
7.5
OpenClaw macOS Path Execution Allows Unapproved Commands
GHSA-9p38-94jf-hgjj
OpenClaw's macOS node-host path allows unauthorized commands to run when 'security=allowlist' is set, potentially leading to unintended command execution on the node host. This issue is specific to ma...
7.5
OpenClaw: Attackers Can Access Local Files Through Message Actions
GHSA-fqcm-97m6-w7rm
CVE-2026-27522
The OpenClaw software does not properly check the source of files attached to messages, which could allow an attacker to access sensitive local files. This is a concern for businesses using OpenClaw's...
7.1
OpenClaw: Unrestricted File Access via Malicious Message Actions
GHSA-fqcm-97m6-w7rm
A security flaw in OpenClaw allows unauthorized access to files on your computer if a malicious message is received. This is fixed in version 2026.2.24, which is now available. Upgrade to this version...
7.1
OpenClaw: Malicious Feishu Metadata Can Block Message Processing
GHSA-c6hr-w26q-c636
CVE-2026-22178
OpenClaw has a security issue that can cause it to block message processing if it receives specially crafted metadata from Feishu. This is because the software does not properly escape ce...
6.9
OpenClaw: Feishu Mention Data Can Cause Message Corruption or Slowdowns
GHSA-c6hr-w26q-c636
A security issue in OpenClaw allows an attacker to manipulate message content or slow down message processing if they can control Feishu mention metadata. This can happen if you're using OpenClaw vers...
6.9
OpenClaw Windows Approval Mismatch Allows Command Execution
GHSA-5v6x-rfc3-7qfr
An issue in OpenClaw's Windows approval system can allow an attacker to execute unauthorized commands on a trusted Windows node. This can happen when an operator approves a seemingly harmless command,...
7.1
OpenClaw Allows Malicious Code to Run on Windows System
GHSA-5v6x-rfc3-7qfr
CVE-2026-22168
OpenClaw, a Windows-based system, has a security flaw that allows unauthorized code to run on the system when a trusted user approves a command. This can happen when a user is tricked into approving a...
7.1