CVE Vulnerabilities - 21 March 2026

Older versions of OpenClaw don't properly check events from certain sources. This means an attacker can trick the system into accepting events from users or channels they shouldn't have access to. Upd...

An authenticated user can access and see files outside the intended video directory on the AVideo server. This could allow them to access sensitive information. To fix this, update the code to ensure ...

Older versions of OpenClaw share a secret key with user IDs, making login information accessible to attackers. This means that if an attacker sees a prompt sent to a third-party model provider, they m...

If you use OpenClaw versions earlier than 2026.2.26, an attacker who has been approved to send messages in one account can send messages to another account without needing approval. This could allow u...

Versions of OpenClaw before 2026.2.25 have a security issue that could let someone send unauthorized messages about a user's session status. This could be exploited by an attacker to access informatio...

A security issue affects Discourse discussion platforms before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. Unprivileged users with tag-editing permissions could edit tags that they shouldn't h...

The Keep Backup Daily plugin for WordPress is vulnerable to unauthorized access to server files. Attackers with Administrator-level access can list the contents of any directory on the server. To prot...

An attacker can trick Discourse users into visiting a fake website that looks like a legitimate Discourse authorization page, potentially stealing sensitive information or causing users to install mal...

Old versions of OpenClaw have a security weakness that lets attackers use previously approved requests with new environment settings, bypassing security checks. This can happen if an attacker gets hol...

An issue in Apache HTTP Server may allow attackers to access files they shouldn't. This affects Apache HTTP Server versions prior to 2.4.52. It's crucial to update to the latest version to prevent una...

A vulnerability in Apache's URL handling could allow an attacker to inject malicious code into websites. This could potentially allow an attacker to steal user data or take control of a website. Apach...

Apache HTTP Server stores sensitive information in plain text, which can be accessed by unauthorized users. This is a concern for businesses that use Apache HTTP Server, as it may lead to unauthorized...

A vulnerability in Apache Commons Text affects Spring Framework, potentially allowing an attacker to execute arbitrary code. This affects developers using Spring Framework. Update to the latest versio...

Adobe Acrobat Reader has a security issue that could allow an attacker to run unauthorized code on your computer if they trick you into opening a malicious PDF file. This could lead to data theft, sys...

Adobe Flash Player has a security issue that could allow attackers to access files on your computer without permission. This could lead to data theft or malware installation. Update Adobe Flash Player...

A security issue in Adobe Acrobat Reader could allow an attacker to run unauthorized code on your computer if you open a malicious PDF file. This could lead to data theft, system compromise, or other ...

A flaw in the VMware vSphere Client may allow unauthorized access to sensitive information. This issue affects organizations using VMware vSphere, potentially exposing confidential data. Update the vS...

Apache HTTP Server has a vulnerability that allows an attacker to execute code on a server without needing a password. This means someone could potentially take control of the server, leading to data ...

Apache HTTP Server versions 2.4.25 and older have a security issue that could allow an attacker to execute malicious code on a server. This is possible if a user visits a specially crafted website or ...

Apache HTTP Server is vulnerable to a denial of service attack that can crash the server. This could happen when the server receives a specially crafted request. Update your Apache HTTP Server to the ...

A vulnerability in the Apache HTTP Server allows an attacker to access sensitive files on a server by exploiting a misconfigured server. This could lead to unauthorized access to sensitive data, poten...