CVE Vulnerabilities - 3 April 2026
134 vulnerabilities published on 3 April 2026
Severity:
OpenClaw: Open to CSRF attacks in trusted-proxy mode
GHSA-mhr7-2xmv-4c4q
OpenClaw's HTTP endpoints don't properly check where requests come from when using trusted-proxy mode, which could allow a malicious website to trick users into performing actions they don't intend. T...
5.3
Electron: Malicious Input Can Leak Sensitive Data on macOS and Linux
GHSA-3c8v-cfp5-9885
CVE-2026-34776
Electron apps on macOS and Linux may leak sensitive information when handling certain inputs. This issue only affects apps that use a specific feature and run as the same user. To fix, update to a pat...
5.3
OpenClaw Misses Important Security Settings for Docker and Git
GHSA-9gp8-hjxr-6f34
The OpenClaw software has a security issue that allows it to bypass important security settings for Docker and Git, potentially exposing sensitive data. This issue affects versions of OpenClaw up to 2...
4.8
Electron: Attackers can hijack Windows protocol handlers
GHSA-mwmh-mq4g-g6gr
CVE-2026-34773
If you're using Electron, check if you're passing untrusted input to the setAsDefaultProtocolClient method on Windows. If you are, an attacker could potentially take control of your app's protocol han...
4.7
Incorrect password comparison in Roundcube Webmail leads to password change
CVE-2026-35541
A security issue in Roundcube Webmail allows an attacker to change a user's password without knowing the current one. This could be exploited by someone who has access to the user's account. To fix th...
4.2
Electron: Malicious app can hijack login on Windows
GHSA-jfqx-fxh3-c62j
CVE-2026-34768
If an Electron app is installed in a folder with a space in its name, an attacker could trick Windows into running a different program at login. This could happen if the app is installed by a standard...
3.9
Roundcube Webmail: Unauthenticated attackers can write arbitrary files
CVE-2026-35537
This security issue affects older versions of Roundcube Webmail. An attacker could potentially write files on your server without being authenticated, which could lead to data loss or damage. Update t...
3.7
GRID Organiser App (Android) uses hardcoded encryption key
CVE-2026-5454
The GRID Organiser App on Android versions up to 1.0.5 stores an encryption key directly in the app's code, making it vulnerable to unauthorized access if an attacker gains access to the device. This ...
1.9
Rico só vantagem pra investir App for Android has a Security Key Leak
CVE-2026-5453
A security weakness has been found in the Rico só vantagem pra investir App for Android. This means that a hacker could potentially access sensitive information by manipulating a specific setting. App...
1.9
UCC CampusConnect App for Android Uses Hardcoded Security Key
CVE-2026-5452
A security flaw in the UCC CampusConnect App for Android versions up to 14.3.5 could allow an attacker to access sensitive information. This is because the app uses a hardcoded security key, rather th...
1.9
Electron: Malicious Device Can Be Selected by Untrusted App
GHSA-9899-m83m-qhpj
CVE-2026-34766
An Electron app may allow a device to be selected that doesn't meet the app's security filters. This is fixed in updated versions of Electron. To stay secure, update to Electron 41.0.0-beta.8, 40.7.0,...
3.3
Roundcube Webmail search function allows attackers to inject malicious commands
CVE-2026-35538
A security issue in Roundcube Webmail allows an attacker to potentially inject malicious commands or bypass security checks when searching emails. This could be used to hijack user sessions or steal s...
3.1
Discord Voice Chat Access Can Be Bypassed in OpenClaw
GHSA-x2m8-53h4-6hch
A security issue in OpenClaw's Discord integration allows anyone to join voice chats in certain channels, even if they shouldn't be able to. This is because the system doesn't properly check if a user...
2.3
OpenClaw: Unsecured Web Sessions After Password Change
GHSA-rfqg-qgf8-xr9x
If you're using OpenClaw version 2026.3.28 or earlier, an attacker who already has access to your system could potentially stay connected even after you change your password. This is a relatively low-...
2.3
Signal K Server: Unprivileged User Can Read Sensitive Data
CVE-2026-35038
GHSA-qh3j-mrg8-f234
Signal K Server versions prior to 2.24.0 allow a user with limited access to view sensitive information they shouldn't be able to see. This is a security risk because it could expose confidential data...
2.1
OpenClaw Can Reload Inactive Settings After Restart
GHSA-3pm9-5j7m-59vc
An issue in OpenClaw's startup migration process can cause it to reload previously revoked settings from a file after a restart. This can potentially allow users to bypass security restrictions. To fi...
2.1
Telnyx Webhook Signature Bypass in OpenClaw
GHSA-37v6-fxx8-xjmx
A security issue in the OpenClaw package allows attackers to bypass verification of Telnyx webhooks, potentially allowing malicious requests to be treated as legitimate. This could lead to unauthorize...
1.7
Apache Commons Compress: Uncontrolled Resource Consumption
ECHO-abe8-b546-ad42
The Apache Commons Compress library has a bug that can cause a denial-of-service (DoS) attack if an attacker sends a specially crafted file. This can lead to a server crash or slowdown. Update to a fi...
Apache HTTP Server allows remote attacker to access sensitive files
ECHO-185f-c78c-4e82
A flaw in the Apache HTTP Server can allow an attacker to access files on a website that they shouldn't be able to access. This could happen if the server is not configured correctly. To fix this, upd...
Microsoft Office Memory Corruption Leads to Remote Code Execution
ECHO-758d-edbe-6881
A vulnerability in Microsoft Office can allow attackers to execute malicious code on a victim's computer by sending a specially crafted file. This could potentially allow a hacker to take control of t...
Apache HTTP Server Cross-Site Scripting (XSS) in mod_proxy_ajp
ECHO-9e39-7166-9c17
Apache's HTTP Server has a security issue that allows an attacker to inject malicious code into web pages. This can happen when a user visits a website that uses Apache's mod_proxy_ajp module to conne...
Adobe Flash Player allows attackers to run malicious code
ECHO-bc93-24a8-8727
Adobe Flash Player has a security vulnerability that could allow hackers to execute unauthorized code on a user's computer. This could lead to data theft, system compromise, or other malicious activit...
Apache HTTP Server Unauthenticated Remote Code Execution
ECHO-f8cb-56ce-2d8e
Apache HTTP Server's mod_proxy module has a vulnerability that allows an attacker to execute code on a remote server without needing a password. This could allow an attacker to take control of the ser...
Apache HTTP Server Allows Remote Code Execution
ECHO-2e96-17f7-cc4b
Apache's web server software has a flaw that could let hackers run malicious code on your server. This means an attacker could take control of your server and do whatever they want. You should update ...
Apache HTTP Server: Malicious Files Can Be Served
ECHO-ac58-cda1-4c8b
Apache HTTP Server may allow attackers to serve malicious files. This could happen if a server is configured to use a directory traversal attack, allowing attackers to serve files outside of the inten...