CVE Vulnerabilities - 18 March 2026
42 vulnerabilities published on 18 March 2026
OpenClaw Sandbox Bypass on Symlinked Paths
GHSA-m8v2-6wwh-r4gc
CVE-2026-27523
A security flaw in OpenClaw's sandboxing feature could allow an attacker to reach paths outside the sandbox by going through a symlink, gaining access to areas the sandbox is meant to prohibit. This issue affects OpenClaw versions up to 2026.2.23. To fix the issue, update to version 2026.2.24...
6.9
OpenClaw allows attackers to execute malicious code during startup
GHSA-8fmp-37rc-p5g7
CVE-2026-22177
OpenClaw's configuration handling allows untrusted environment variables to be injected during startup, potentially allowing attackers to execute malicious code. This vulnerability affects OpenClaw versions...
6.9
OpenClaw Gateway Token Leaked to Local Listener
GHSA-v3j7-34xh-6g3w
CVE-2026-22174
A security issue in OpenClaw Gateway allows an attacker on the same local network to capture the gateway authentication token and use it to act as the legitimate user. This only affects shared-...
5.9
Sentry: Malicious Access to Shared Error Data
CVE-2026-26004
Versions of Sentry's error tracking tool before 26.1.0 allow unauthorized access to sensitive data shared between organizations. This could lead to sensitive data being exposed or manipulated. Update ...
5.7
OpenClaw allows malicious shell execution through Homebrew layout
GHSA-p4wh-cr8m-gm6c
CVE-2026-22217
A vulnerability in OpenClaw allows an attacker to run malicious code if they can influence which shell binary gets executed. This could happen if an attacker can write a malicious program to a directory where OpenC...
5.8
OpenClaw Browser Output Bypass: Unintended Writes Possible
GHSA-3pxq-f3cp-jmxp
CVE-2026-22180
A security issue in OpenClaw's browser output handling allowed writes outside the intended folders. This could potentially lead to data corruption or unauthorized changes. To fix this...
4.8
Next.js: Null Origin Can Bypass Server Actions Security Checks
GHSA-mq59-m269-xvcx
CVE-2026-27978
A security issue in Next.js allows requests carrying a null Origin (the value browsers send from sandboxed or otherwise opaque contexts) to bypass the origin checks on Server Actions and trigger actions as a legitimate user. This could lead to unauthorized changes being made on a site using Next.j...
5.3
OpenClaw BlueBubbles Plugin: Empty allowFrom Configuration Causes Access Control Bypass
GHSA-jwf4-8wf4-jf2m
CVE-2026-22170
OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control bypass vulnerability where empty allowFrom configuration causes dmPolicy pairing and allowlist restr...
6.3
LDAP Account Manager PDF Export Allows Remote Code Execution
CVE-2026-27895
A security flaw in the LDAP Account Manager's PDF export feature allows an attacker to upload malicious files, potentially taking control of the server. This can happen when using older versions of LD...
4.3
Portabilis i-Educar 2.11: Remote Code Injection via Malicious Input
CVE-2026-4355
A security flaw in Portabilis i-Educar 2.11 allows an attacker to inject malicious code into the system when a user enters a specially crafted input. This could potentially allow an attacker to take c...
5.1
TRENDnet Router Web Interface Allows Remote Attack
CVE-2026-4354
A security flaw in the TRENDnet TEW-824DRU router's web interface allows an attacker to attack the device remotely. This could lead to unauthorized access and potentially let the attacker take cont...
5.1
OpenClaw's debug mode can be tricked into accepting unauthorized overrides
GHSA-62f6-mrcj-v8h5
CVE-2026-27524
OpenClaw's debug mode allows someone with permission to make changes to bypass some security restrictions. This can't be exploited by anyone without already having access to the debug mode. However, i...
2.3
Cross-Site Scripting in itsourcecode University Management System 1.0
CVE-2026-4356
A security flaw in itsourcecode University Management System 1.0 allows attackers to inject malicious script into pages served by the application, potentially allowing them to access sensitive information or take control o...
4.8
Next.js: Untrusted Networks Can Connect to Development Server
GHSA-jcc7-9wpm-mj36
CVE-2026-27977
If you're running a Next.js development server on a network that's accessible to others, a malicious user could potentially connect to your development server and see sensitive information. This only ...
2.3
pyOpenSSL TLS connection bypass through unhandled exception
GHSA-vp96-hxj8-p424
CVE-2026-27448
A previous version of pyOpenSSL allowed an attacker to bypass security checks on a TLS connection when a callback function raised an unhandled exception. This has been fixed, so connections will now be rejected if the callback fails....
1.7
Adobe Flash Player allows attackers to execute malicious code on a user's computer
CGA-hmg3-xp5x-p9q9
Adobe Flash Player is vulnerable to a critical security issue that could allow attackers to execute malicious code on a user's computer if the user visits a malicious or compromised website. This could lead to unauthor...