CVE Vulnerabilities - 3 April 2026
122 vulnerabilities published on 3 April 2026
Azure SRE Agent: Unauthorized Access to Network Data
CVE-2026-32173
An attacker can exploit a weakness in the Azure SRE Agent to access sensitive information sent over a network without having permission to do so. This could lead to the exposure of confidential da...
8.6
Electron apps: Video frame transfer via contextBridge can give attackers control
GHSA-jfqg-hf23-qpw2
CVE-2026-34780
Electron apps that share video data between browser and Node.js environments are at risk of being compromised by an attacker who can inject malicious code. To fix, avoid sharing video frames directly ...
8.4
Wisp Server Memory or Disk Overflow via Large Multipart Form Submissions
CVE-2026-32145
GHSA-8645-p2v4-73r2
An attacker can cause a Wisp server to run out of memory or disk space by sending a large multipart form submission. This can happen if an attacker sends a big file or a lot of small files in a single...
8.3
OpenClaw: Credentials Leaked If Onboarding Not Fully Completed
GHSA-9f4w-67g7-mqwv
A bug in OpenClaw's onboarding process allows an attacker who discovers an endpoint to continue accessing it even after it's been reported as untrusted. This can lead to unauthorized access to gateway...
8.3
OpenClaw Media Download Exposes Authorization Headers in Redirects
GHSA-68v4-hmwv-f43h
A security issue in OpenClaw version 2026.3.28 and earlier allows attackers to steal sensitive information when a user downloads media from a different website. This is a medium-risk vulnerability tha...
8.3
Auth0 Symfony SDK: Weak Cookie Encryption Allows Session Hijacking
GHSA-ghc5-95c2-vwcv
If you're using the Auth0 Symfony SDK between 5.0.0 and 5.7.0, an attacker could potentially guess your session cookies, allowing them to access your users' accounts. To fix this, update the Auth0 Sym...
8.2
Auth0 WordPress Plugin Cookie Encryption Weakness Exposes Session Hijacking Risk
GHSA-vfpx-q664-h93m
If you're using the Auth0 WordPress Plugin and the Auth0 PHP SDK, you may be vulnerable to hackers guessing your encrypted cookies. This could let them pretend to be your users. To fix this, update th...
8.2
Auth0 WordPress Plugin Uses Weak Cookie Encryption
GHSA-vfpx-q664-h93m
The Auth0 WordPress Plugin has a security weakness that could allow attackers to access user sessions. If you're using the plugin, you should update to the latest version to protect your users' sessio...
8.2
Auth0 Laravel SDK Cookie Encryption is Not Secure
GHSA-fmg6-246m-9g2v
If you use the Auth0 Laravel SDK, you may be at risk of attackers guessing your user session cookies. This is because the encryption used is not strong enough. To fix this, update the Auth0 Laravel SD...
8.2
Auth0 Laravel Auth0 SDK Uses Weak Cookie Encryption
GHSA-fmg6-246m-9g2v
If you use the Auth0 Laravel SDK in your PHP application, a weakness in the encryption of session cookies could allow hackers to guess the encryption key and impersonate users. To fix this, update the...
8.2
OpenClaw: LLM Agent Can Disable Exec Approval without User Consent
GHSA-v3qc-wrwx-j3pw
A security issue was found in OpenClaw, a library used by developers. A malicious agent could bypass the need for user approval to execute certain actions, potentially leading to unauthorized changes....
8.2
Telegram Migration in OpenClaw Allows Unauthorized Access to Some Accounts
GHSA-f693-58pc-2gfr
A recent update to OpenClaw, a tool for migrating Telegram accounts, has a security issue that could allow unauthorized access to some accounts. This is a low-level risk, but it's still important to u...
8.1
Electron: Using child windows with offscreen rendering can crash apps
GHSA-532v-xpq5-8h95
CVE-2026-34774
If you're using Electron to create apps with child windows and also render content offscreen, be aware that this setup can cause your app to crash or become unstable. To fix this, make sure to close c...
8.1
macOS OpenClaw App Allows Hackers to Steal Credentials
GHSA-q9w8-cf67-r238
A vulnerability in the OpenClaw app on macOS allows hackers to impersonate a trusted DNS server and steal sensitive user credentials. This can happen if the attacker is on the same network as the user...
7.8
Telegram Audio Transcription Allows Unauthorized Access to Resources
GHSA-m6fx-m8hc-572m
A security issue in OpenClaw allows unauthorized users to consume resources on Telegram groups, potentially leading to increased costs. This issue is present in versions of OpenClaw up to 2026.3.28. T...
7.8
OpenClaw Voice Call: Large WebSocket Frames Cause Resource Consumption
GHSA-2w79-r9g8-wmcr
If you're using a version of OpenClaw older than 2026.3.31, a hacker could send a specially crafted WebSocket message that consumes your system's resources, potentially causing it to slow down or cras...
7.8
OpenClaw Discord Audio Processing Exposes User Data Before Authorization
GHSA-hhff-fj5f-qg48
The OpenClaw software processes Discord audio before checking if the user is authorized, potentially exposing sensitive information. This could happen to anyone using an outdated version of OpenClaw. ...
7.8
Electron: Malicious Code Can Bypass Security Settings
GHSA-9wfr-w7mm-pc7f
CVE-2026-34769
If you use Electron to build desktop apps, be careful when using user input to configure your app's settings. An attacker could trick your app into disabling security features by injecting malicious c...
7.8
OpenClaw: Unpaired Device Can Access Host Privileges
GHSA-xj9w-5r6q-x6v4
An unsecured device can access sensitive host commands, potentially allowing an attacker to take control of the host system. This vulnerability affects devices paired with OpenClaw version 2026.3.28 o...
7.7
Discord Slash Commands Allow Unauthorized Group DM Access
GHSA-rvvf-6vh3-9j43
Discord's built-in slash commands can bypass channel restrictions, allowing authorized users to access restricted groups. This could potentially lead to unwanted messages or spam in those groups. Upda...
7.6
OpenClaw Node Browser Proxy Allows Bypass of Access Controls
GHSA-h5hg-h7rr-gpf3
A security issue in OpenClaw's node browser proxy allows an attacker to bypass access controls and gain unauthorized access to profiles. This means that sensitive data may be exposed if you're using a...
7.6
Ech0 allows unauthorized access to internal sites through link previews
GHSA-wc4h-2348-jc3p
CVE-2026-35036
The Ech0 server can be tricked into visiting any website, including internal sites, without user authentication. This happens when a user submits a malicious URL for a link preview. To fix this, updat...
7.5
Go JOSE Panics When Decrypting Certain JWE Objects
GHSA-78h2-9frx-2jm8
CVE-2026-34986
Go JOSE may crash when decrypting certain encrypted files, potentially causing a denial of service. This happens when it tries to decrypt a file with an empty encryption key. To avoid this, ensure tha...
7.5
Electron: Apps may crash when handling fullscreen or pointer-lock requests
GHSA-8337-3p73-46f4
CVE-2026-34771
Some Electron apps that ask users for permission to use their computer in fullscreen, pointer-lock, or keyboard-lock mode may crash or become unstable if a user navigates away or closes the window whi...
7.5
Sudo: Privilege Escalation from Setuid/setgid/setgroups Failure
CVE-2026-35535
The Sudo software has a security issue where certain errors during user privilege changes can lead to unauthorized access. This affects users who rely on Sudo for secure access to system features. To ...
7.4