CVE Vulnerabilities - 18 March 2026
42 vulnerabilities published on 18 March 2026
CVE-2026-27894
LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF e...
8.8
Roxy-WI Prior to 8.2.6.3: Hackers Can Run Commands on Your Server
CVE-2026-27811
A security weakness in Roxy-WI's web interface before version 8.2.6.3 lets attackers who are already logged in to the system run any system commands on the server. This is a serious issue because it c...
8.8
ONNX Model Downloads Can Be Hacked Without Warning
GHSA-hqmj-h5c6-369m
CVE-2026-28500
A security flaw in ONNX allows hackers to trick users into downloading and running malicious models from untrusted sources without any warnings. This can lead to sensitive information being stolen fro...
8.6
OpenClaw Feishu Media Download Can Write Files Outside of Safe Location
GHSA-vj3g-5px3-gr46
CVE-2026-22171
OpenClaw's Feishu media download feature can allow an attacker to write files to any location on the server by manipulating the Feishu media key. This is a security risk because it could allow an atta...
8.8
Keycloak SAML Authentication Bypass by External Identity Provider
CVE-2026-2603
A security issue in Keycloak allows an attacker to bypass security controls and authenticate with a disabled SAML Identity Provider. This could lead to unauthorized access to your system. To protect y...
8.1
Keycloak: Unauthorized Access via Malicious SAML Response
CVE-2026-2092
Keycloak's SAML feature has a flaw that allows an attacker to create a fake SAML response, potentially gaining unauthorized access to your system. This could lead to sensitive information being disclo...
7.7
xiaoheiFS Admins Can Run Any File on Their Servers
CVE-2026-28674
A security weakness in xiaoheiFS versions up to 0.3.15 lets system administrators upload and run any file on their servers. This could allow an attacker to take control of the server. Update to versio...
7.2
xiaoheiFS: Malicious zip file execution in plugin upload
CVE-2026-28673
An attacker can upload a specially crafted zip file to execute arbitrary code on the server, potentially allowing them to take control of the system. This affects all versions of xiaoheiFS up to 0.3.1...
7.2
pyOpenSSL DTLS Cookie Overflow Risk: Large Cookie Values Crash Application
GHSA-5pwr-322w-8jr4
CVE-2026-27459
A bug in pyOpenSSL could cause a crash if a server is given a very long cookie value. This has been fixed by pyOpenSSL's developers, so you should update to the latest version to stay safe.
7.2
OpenClaw Approval Bypass Using Shell Wrappers
GHSA-gwqp-86q6-w47g
CVE-2026-22175
OpenClaw's approval system can be tricked into allowing unauthorized access. If an attacker uses a specific type of shell wrapper, they can bypass the approval process, even if they shouldn't be allow...
7.1
CVE-2026-26001
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non-sanitized user input can lead to an SQL injection from rep...
7.1
Kanboard User Invite Registration Allows Unauthorized Admin Creation
CVE-2026-29056
Kanboard's user invite registration process allowed attackers to create admin accounts by manipulating the registration form. This vulnerability has been fixed in version 1.2.51. Update to the latest ...
7.0
LeafKit may display unescaped data, allowing malicious scripts to run
GHSA-6jj5-j4j8-8473
CVE-2026-28499
LeafKit's data display feature can be bypassed, allowing hackers to inject malicious code. This can happen when displaying collections of data. To fix this, update LeafKit to the latest version or app...
6.9
Next.js: Unbounded image cache can fill up your disk space
GHSA-3x4c-7xq6-9pq8
CVE-2026-27980
An attacker can create many optimized images and fill up your disk space, causing your website to become unavailable. To fix this, update to the latest version of Next.js, or if you can't update right...
6.9
Next.js: Large File Uploads Can Crash Server
GHSA-h27x-g6w4-24gq
CVE-2026-27979
Some Next.js servers can crash if an attacker sends a very large file, causing the server to run out of memory. This is because Next.js doesn't always check the size of large file uploads. To protect ...
6.9
OpenClaw on macOS Can Execute Unlisted Commands
GHSA-9p38-94jf-hgjj
CVE-2026-22179
OpenClaw on macOS can execute unintended commands on the node host if you're using the allowlist mode. This can happen if you have a benign executable in your allowlist, but it's used in a way that al...
7.5
OpenClaw: Attackers Can Access Local Files Through Message Actions
GHSA-fqcm-97m6-w7rm
CVE-2026-27522
The OpenClaw software does not properly check the source of files attached to messages, which could allow an attacker to access sensitive local files. This is a concern for businesses using OpenClaw's...
7.1
OpenClaw: Malicious Feishu Metadata Can Block Message Processing
GHSA-c6hr-w26q-c636
CVE-2026-22178
OpenClaw has a security issue that can cause it to block message processing if it receives specially crafted metadata from Feishu. This is because the software does not properly escape ce...
6.9
OpenClaw Allows Malicious Code to Run on Windows System
GHSA-5v6x-rfc3-7qfr
CVE-2026-22168
OpenClaw, a Windows-based system, has a security flaw that allows unauthorized code to run on the system when a trusted user approves a command. This can happen when a user is tricked into approving a...
7.1
CVE-2026-25937
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their...
6.5
WP Go Maps Plugin Lets Attackers Inject Malicious Code
CVE-2026-4268
The WP Go Maps plugin for WordPress is vulnerable to a security issue that allows attackers to inject malicious code into pages. This could happen if an attacker with a basic level of access to the we...
6.4
OpenClaw's web tools may bypass DNS pinning with proxy settings
GHSA-8mvx-p2r9-r375
CVE-2026-22181
If you're using OpenClaw's web tools and proxy settings, an attacker could potentially access internal or private targets. This is because the tool's strict URL checks aren't enough to prevent proxy r...
6.1
OpenClaw: External Code Can Run Without Approval
GHSA-vmqr-rc7x-3446
CVE-2026-22169
A security flaw in OpenClaw's non-default settings allows external code to be executed without proper approval. This could lead to unauthorized actions being taken on your system. Update to the latest...
7.1
Next.js: Attackers can sneak malicious requests through rewrites
GHSA-ggv3-7p47-pfv8
CVE-2026-29057
Next.js rewrites can be tricked into allowing attackers to send requests to unintended backend routes, potentially allowing unauthorized access. This is fixed in newer versions of Next.js, but if you ...
6.3
OpenClaw: Malicious Code Can Execute from Wrong Location
GHSA-f7ww-2725-qvw2
CVE-2026-27545
A security issue in OpenClaw allows an attacker to trick the system into running a command from a different location than intended, potentially leading to unauthorized actions. This issue affects all ...
6.9