wpForo 2
Description
wpForo 2
AI Analyst Comment
Remediation
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
Search and filter 17426 vulnerabilities with AI analyst insights
wpForo 2
wpForo 2
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
A vulnerability was found in D-Link DWR-M960 1
A vulnerability was found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DWR-M960 1
A vulnerability has been found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability of improper verification in the email application
Vulnerability of improper verification in the email application
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Permission bypass vulnerability in the system service framework
Permission bypass vulnerability in the system service framework
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in D-Link DWR-M960 1
A flaw has been found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An authentication bypass vulnerability in a device authentication module allows unauthenticated attackers to compromise the integrity and confidential...
An authentication bypass vulnerability in a device authentication module allows unauthenticated attackers to compromise the integrity and confidentiality of the affected system.
---METADATA---
VENDOR: Unknown
PRODUCT: Device Authentication Module
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
An authentication bypass vulnerability in a device authentication module allows unauthenticated attackers to compromise the integrity and confidentiality of the affected system.
Executive Summary:
A critical authentication bypass in a device authentication module allows unauthenticated attackers to gain unauthorized access, compromising system confidentiality and integrity.
Vulnerability Details
CVE-ID: CVE-2026-28536
Affected Software: Affected Device
Affected Versions: See vendor advisory
Vulnerability: This vulnerability is an authentication bypass located within the device's authentication module. An unauthenticated remote attacker can exploit this flaw to circumvent security checks, allowing them to gain access to the system without providing valid credentials.
Business Impact
The CVSS score of 9.6 indicates a critical risk. Successful exploitation allows an attacker to bypass the primary security gate of the device, leading to unauthorized data access and potential modification of system settings. This can result in significant data breaches, loss of intellectual property, and a total loss of trust in the device's security.
Remediation Plan
Immediate Action: Identify the specific device manufacturer and apply the latest security patches for the authentication module immediately.
Proactive Monitoring: Review access logs for successful logins that do not correlate with known user activity or originate from unexpected IP addresses.
Compensating Controls: Implement network-level authentication or a VPN to gate access to the device until the internal authentication module can be patched.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 5, 2026, there is no public information indicating active exploitation. However, authentication bypasses are high-value targets for attackers seeking initial access to a network.
Analyst Recommendation
Because this vulnerability targets the core authentication mechanism, it must be addressed with the highest urgency. We recommend an immediate audit of all authentication logs and the swift application of vendor patches to restore the integrity of the device's access control.
Update the device Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DWR-M960 1
A vulnerability was detected in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
arduino-TuyaOpen before version 1
arduino-TuyaOpen before version 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
arduino-TuyaOpen before version 1
arduino-TuyaOpen before version 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
arduino-TuyaOpen before version 1
arduino-TuyaOpen before version 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenViking versions 0
OpenViking versions 0
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the object...
WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and merged into $_REQUEST after global security checks are executed, the payload bypasses the existing sanitization mechanisms. This issue has been patched in version 24.0.
---METADATA---
VENDOR: WWBN
PRODUCT: AVideo
AFFECTED_VERSIONS: Prior to version 24.0
---END_METADATA---
Description Summary:
WWBN AVideo prior to 24.0 is vulnerable to an unauthenticated SQL injection in multiple components due to improper sanitization of JSON-formatted POST request bodies.
Executive Summary:
A critical unauthenticated SQL injection vulnerability in WWBN AVideo allows remote attackers to compromise the backend database and exfiltrate sensitive information.
Vulnerability Details
CVE-ID: CVE-2026-28501
Affected Software: WWBN AVideo (formerly YouPHPTube)
Affected Versions: Prior to version 24.0
Vulnerability: This unauthenticated SQL injection exists in the objects/videos.json.php and objects/video.php components. The application fails to sanitize the catName parameter when it is delivered via a JSON POST request, effectively bypassing global security filters that are only applied to standard form-encoded data.
Business Impact
This vulnerability carries a CVSS score of 9.8. An attacker can exploit this flaw to read, modify, or delete any data within the database, including user credentials, private video metadata, and site configurations. In many environments, this can be further escalated to remote code execution (RCE) on the underlying server.
Remediation Plan
Immediate Action: Update WWBN AVideo to version 24.0 or later immediately to address the insecure handling of JSON-based input parameters.
Proactive Monitoring: Monitor database logs for unusual query patterns and review web logs for POST requests to the affected PHP files containing SQL keywords or suspicious JSON structures.
Compensating Controls: Configure a Web Application Firewall (WAF) to inspect JSON bodies for SQL injection payloads and block any requests that attempt to exploit the catName parameter.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 6, 2026, there is no public information indicating active exploitation. However, SQL injection flaws in media platforms are frequently exploited for data harvesting and site defacement.
Analyst Recommendation
Applying the version 24.0 update is critical for all AVideo installations. Given that this is an unauthenticated flaw, the window for remediation is narrow, and the patch should be treated as a top-priority security emergency.
Update HP and objects to the latest version. Monitor for exploitation attempts and review access logs.
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Authlib is a Python library which builds OAuth and OpenID Connect servers
Authlib is a Python library which builds OAuth and OpenID Connect servers
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FOSSBilling versions prior to 0.8.0 are susceptible to Server-Side Template Injection (SSTI) in the Twig rendering engine, enabling remote code execut...
FOSSBilling versions prior to 0.8.0 are susceptible to Server-Side Template Injection (SSTI) in the Twig rendering engine, enabling remote code execution for authenticated administrators.
---METADATA---
VENDOR: FOSSBilling
PRODUCT: FOSSBilling
AFFECTED_VERSIONS: Prior to 0.8.0
---END_METADATA---
Description Summary:
FOSSBilling versions prior to 0.8.0 are susceptible to Server-Side Template Injection (SSTI) in the Twig rendering engine, enabling remote code execution for authenticated administrators.
Executive Summary:
A critical Server-Side Template Injection (SSTI) vulnerability in FOSSBilling allows authenticated administrators to execute arbitrary code and compromise the underlying server environment.
Vulnerability Details
CVE-ID: CVE-2026-28496
Affected Software: FOSSBilling FOSSBilling
Affected Versions: Prior to 0.8.0
Vulnerability: The application renders Twig templates without a sandbox, exposing the dependency injection container and internal API context. This vulnerability is triggered via features that process templates, such as email campaigns or the string_render API endpoint, requiring administrative authentication.
Business Impact
With a CVSS score of 9.4, this vulnerability represents a severe threat to the entire hosting environment. Successful exploitation allows an attacker with administrative privileges to achieve remote code execution, leading to full system compromise, database exfiltration, and potential lateral movement across the network.
Remediation Plan
Immediate Action: Upgrade to FOSSBilling version 0.8.0 or later to implement proper Twig template sandboxing.
Proactive Monitoring: Audit existing email templates and mass mail campaign configurations for suspicious or unauthorized Twig expressions.
Compensating Controls: Restrict access to the /api/system/* endpoints at the Web Application Firewall (WAF) or reverse proxy level to prevent unauthorized interaction with sensitive system functions.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Jun 23, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability is highly severe for administrative users. Organizations must update to version 0.8.0 immediately and perform a full audit of all custom templates and API usage to ensure that no malicious payloads have been previously injected.
Update FOSSBilling FOSSBilling to the latest version. Check the vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administra...
GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling a remote unauthenticated attacker to exploit this via Cross-Site Request Forgery against a logged-in admin, achieving Remote Code Execution (RCE) on the web server.
---METADATA---
VENDOR: GetSimple CMS
PRODUCT: GetSimple CMS
AFFECTED_VERSIONS: GetSimpleCMS-CE v3.3.22 (with massiveAdmin plugin v6.0.3)
CONFIDENCE: high
MISSING: exploit_status
---END_METADATA---
Description Summary:
GetSimple CMS is vulnerable to Remote Code Execution via a CSRF-based attack on the massiveAdmin plugin's configuration editor.
Executive Summary:
A critical vulnerability in the GetSimple CMS massiveAdmin plugin allows an unauthenticated attacker to achieve remote code execution via Cross-Site Request Forgery.
Vulnerability Details
CVE-ID: CVE-2026-28495
Affected Software: GetSimple CMS GetSimple CMS
Affected Versions: GetSimpleCMS-CE v3.3.22 (with massiveAdmin plugin v6.0.3)
Vulnerability: The massiveAdmin plugin lacks Cross-Site Request Forgery (CSRF) protections when interacting with the gsconfig.php file editor. This allows a remote unauthenticated attacker to force an authenticated administrator to inadvertently overwrite the configuration file with malicious PHP code.
Business Impact
Successful exploitation results in Remote Code Execution (RCE), granting the attacker full control over the underlying web server. With a CVSS score of 9.6, this vulnerability allows for complete site defacement, data theft, or the deployment of persistent backdoors, severely impacting the organization's security posture.
Remediation Plan
Immediate Action: Update the GetSimple CMS environment and ensure the massiveAdmin plugin is removed or updated to a secure version if available.
Proactive Monitoring: Monitor server file integrity for unexpected modifications to gsconfig.php and review administrative access logs for unusual activity.
Compensating Controls: Implement strict CSRF protection mechanisms or enforce administrative IP whitelisting to restrict access to sensitive configuration modules.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of Mar 10, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability presents a severe risk due to the potential for full server takeover. Administrators must immediately secure the configuration editor or disable the vulnerable plugin to prevent exploitation through CSRF vectors.
Update HP configuration file to the latest version. Monitor for exploitation attempts and review access logs.
ImageMagick is free and open-source software used for editing and manipulating digital images
ImageMagick is free and open-source software used for editing and manipulating digital images
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions 2026
OpenClaw versions 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026.2.15 contain an option injection vulnerability in the git-hooks/pre-commit hook that allows attackers to stage ignored...
OpenClaw versions prior to 2026.2.15 contain an option injection vulnerability in the git-hooks/pre-commit hook that allows attackers to stage ignored files by creating maliciously-named files beginning with dashes. The hook fails to use a -- separator when piping filenames through xargs to git add, enabling attackers to inject git flags and add sensitive ignored files like .env to git history.
---METADATA---
VENDOR: OpenClaw
PRODUCT: Multiple Products
AFFECTED_VERSIONS: Prior to 2026.2.15
CONFIDENCE: high
MISSING: none
---END_METADATA---
Description Summary:
OpenClaw contains an option injection vulnerability in the pre-commit hook that allows attackers to inject Git flags and add sensitive ignored files to the repository history.
Executive Summary:
An option injection vulnerability in OpenClaw pre-commit hooks allows unauthorized actors to exfiltrate sensitive files, posing a critical risk to repository integrity.
Vulnerability Details
CVE-ID: CVE-2026-28484
Affected Software: OpenClaw Multiple Products
Affected Versions: Prior to 2026.2.15
Vulnerability: The vulnerability exists in the git-hooks/pre-commit hook where improper handling of filenames allows for option injection. An unauthenticated attacker can create files with malicious names starting with dashes, which are then passed to git add without proper separator delimitation, allowing arbitrary flag injection.
Business Impact
The ability to force the inclusion of sensitive files, such as .env files containing API keys or credentials, into version control systems can lead to catastrophic data breaches. Given the CVSS score of 9.8, this flaw represents a critical threat to organizational security, potentially exposing intellectual property and production secrets to unauthorized parties with access to the repository.
Remediation Plan
Immediate Action: Upgrade all instances of OpenClaw to version 2026.2.15 or later immediately.
Proactive Monitoring: Audit existing Git repository histories for the presence of sensitive files that should have been ignored.
Compensating Controls: Implement strict file naming policies and repository scanning tools (e.g., secret scanners) to detect and block the commit of sensitive configuration files.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Mar 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability presents a severe risk to the confidentiality of development environments. Administrators must prioritize the update to version 2026.2.15 to prevent unauthorized exposure of sensitive environment variables and credentials.
Update OpenClaw versions Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026
OpenClaw versions prior to 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026
OpenClaw versions prior to 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026
OpenClaw versions prior to 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw's Nextcloud Talk plugin uses mutable display names for allowlist validation. Attackers can bypass access controls by changing their display n...
OpenClaw's Nextcloud Talk plugin uses mutable display names for allowlist validation. Attackers can bypass access controls by changing their display name to match an allowlisted ID.
---METADATA---
VENDOR: OpenClaw
PRODUCT: Nextcloud Talk plugin
AFFECTED_VERSIONS: Versions prior to 2026.2.6
---END_METADATA---
Description Summary:
OpenClaw's Nextcloud Talk plugin uses mutable display names for allowlist validation. Attackers can bypass access controls by changing their display name to match an allowlisted ID.
Executive Summary:
The OpenClaw Nextcloud Talk plugin contains a critical logic flaw that allows attackers to bypass conversation allowlists and gain unauthorized access to restricted chats.
Vulnerability Details
CVE-ID: CVE-2026-28474
Affected Software: OpenClaw Nextcloud Talk plugin
Affected Versions: Versions prior to 2026.2.6
Vulnerability: The plugin performs allowlist validation by checking the mutable actor.name field (display name) instead of a unique, immutable user ID. An attacker can change their display name to match a known authorized user, tricking the system into granting access to restricted Direct Messages (DM) and chat rooms.
Business Impact
This flaw allows for unauthorized access to sensitive internal communications. Confidential business discussions, credentials shared in chat, and private user data could be exposed to unauthorized parties. The CVSS score of 9.8 underscores the total failure of the authorization mechanism within the plugin.
Remediation Plan
Immediate Action: Update the OpenClaw Nextcloud Talk plugin to version 2026.2.6 or later, which implements validation based on immutable user identifiers.
Proactive Monitoring: Review Nextcloud audit logs for frequent display name changes followed by access to restricted chat rooms.
Compensating Controls: Disable the ability for users to change their own display names within Nextcloud until the patch is applied, or implement secondary authentication for sensitive rooms.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Mar 5, 2026, there is no public information indicating active exploitation. However, this is a trivial logic bypass that requires very little technical skill to execute.
Analyst Recommendation
Relying on user-controlled fields for security validation is a critical design error. Administrators must apply the update immediately to ensure that chat room access is governed by secure, immutable IDs. Prioritize this update to protect the confidentiality of organizational communications.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec app...
OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway client, bypassing the operator.approvals permission check that protects direct RPC calls.
---METADATA---
VENDOR: OpenClaw
PRODUCT: OpenClaw
AFFECTED_VERSIONS: See vendor advisory for affected versions
CONFIDENCE: medium
MISSING: versions, patch, exploit_status, technical_details
---END_METADATA---
Description Summary:
OpenClaw versions prior to 2026 are affected by a security vulnerability requiring immediate attention from administrators.
Executive Summary:
A critical vulnerability identified in OpenClaw versions prior to 2026 necessitates immediate review and patching to prevent system compromise.
Vulnerability Details
CVE-ID: CVE-2026-28473
Affected Software: OpenClaw, OpenClaw
Affected Versions: See vendor advisory for affected versions
Vulnerability: The provided source indicates that versions prior to 2026 are vulnerable. Specific technical details regarding the authentication requirements or the nature of the exploit are currently limited, but the high CVSS score suggests a significant security defect.
Business Impact
With a CVSS score of 8.1, this vulnerability is classified as high severity. Potential consequences include unauthorized access to sensitive data, potential service disruption, and the compromise of system integrity, necessitating prompt remediation to protect business-critical assets.
Remediation Plan
Immediate Action: Consult the vendor’s security advisory to identify the specific affected versions and apply the recommended security updates immediately.
Proactive Monitoring: Review system access logs for unauthorized attempts to interact with the OpenClaw service and monitor for any unexplained changes in application behavior.
Compensating Controls: Employ a Web Application Firewall (WAF) or network-level restrictions to limit exposure of the OpenClaw service to untrusted networks until a formal patch is applied.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of March 7, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The high severity of this vulnerability dictates an urgent response. Administrators should verify their current deployment version against the vendor's documentation and ensure that all updates are applied in accordance with organizational patch management policies.
Update OpenClaw versions Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity che...
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting the presence check instead of validation, potentially gaining operator access in vulnerable deployments.
---METADATA---
VENDOR: OpenClaw
PRODUCT: OpenClaw
AFFECTED_VERSIONS: See vendor advisory for affected versions
CONFIDENCE: low
MISSING: versions, patch, exploit_status, technical_details
---END_METADATA---
Description Summary:
OpenClaw software versions prior to 2026 are affected by a security vulnerability requiring immediate attention.
Executive Summary:
A vulnerability in OpenClaw versions prior to 2026 presents a high risk to organizational security, necessitating immediate patch review and implementation.
Vulnerability Details
CVE-ID: CVE-2026-28472
Affected Software: OpenClaw OpenClaw
Affected Versions: See vendor advisory for affected versions
Vulnerability: The specific nature of this vulnerability remains insufficiently documented; however, it affects the OpenClaw platform. The authentication requirements for exploitation cannot be determined from current data.
Business Impact
With a CVSS score of 8.1, this vulnerability is classified as High severity. Exploitation could lead to unauthorized system access, potential data exfiltration, or service disruption, directly impacting business continuity and data integrity.
Remediation Plan
Immediate Action: Consult the official OpenClaw security vendor advisory to identify the specific patched version and apply updates immediately.
Proactive Monitoring: Review system and application access logs for anomalous behavior or unauthorized connection attempts directed at the OpenClaw environment.
Compensating Controls: Deploy Web Application Firewall (WAF) rules to filter suspicious traffic patterns until the underlying software can be updated.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 7, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the lack of granular technical detail, the potential for hidden vectors is high.
Analyst Recommendation
Given the High severity score, administrators must prioritize identifying their current OpenClaw version against the vendor's release notes. Apply all available security patches immediately to mitigate the risk of exploitation.
Update OpenClaw versions Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allows attackers to execute arbitr...
OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $() or backticks inside double-quoted strings to execute unauthorized commands.
---METADATA---
VENDOR: OpenClaw
PRODUCT: Multiple Products
AFFECTED_VERSIONS: Prior to 2026.2.2
CONFIDENCE: high
MISSING: none
---END_METADATA---
Description Summary:
OpenClaw contains an allowlist bypass vulnerability in its execution approval feature, allowing attackers to execute arbitrary commands via command substitution syntax.
Executive Summary:
A critical command injection vulnerability in OpenClaw allows attackers to bypass security allowlists and execute arbitrary code on the underlying system.
Vulnerability Details
CVE-ID: CVE-2026-28470
Affected Software: OpenClaw Multiple Products
Affected Versions: Prior to 2026.2.2
Vulnerability: The vulnerability is located in the execution approval mechanism, which fails to properly sanitize inputs. An unauthenticated attacker can embed command substitution syntax, such as $() or backticks, within double-quoted strings to bypass established security allowlists and execute unauthorized system commands.
Business Impact
Successful exploitation allows for full Remote Code Execution (RCE) on the host system, granting an attacker the ability to steal data, deploy malware, or pivot deeper into the corporate network. With a CVSS score of 9.8, this represents a critical threat to system availability and data confidentiality, requiring immediate remediation.
Remediation Plan
Immediate Action: Apply the update to version 2026.2.2 or later immediately to patch the command injection vulnerability.
Proactive Monitoring: Review system execution logs for unusual command patterns or unauthorized processes spawned by the OpenClaw service.
Compensating Controls: Ensure the service runs with the principle of least privilege, minimizing the impact if RCE is achieved, and utilize WAF rules to detect and drop common command injection payloads.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Mar 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The risk of Remote Code Execution makes this vulnerability a high-priority item. Organizations should verify their current version and update to 2026.2.2 immediately to neutralize the threat of arbitrary command execution.
Update OpenClaw versions Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in UTT HiPER 520 1
A vulnerability was detected in UTT HiPER 520 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A webhook routing vulnerability in OpenClaw's Google Chat monitor allows cross-account policy misrouting. Attackers can bypass allowlists by exploitin...
A webhook routing vulnerability in OpenClaw's Google Chat monitor allows cross-account policy misrouting. Attackers can bypass allowlists by exploiting first-match request verification semantics.
---METADATA---
VENDOR: OpenClaw
PRODUCT: Google Chat monitor
AFFECTED_VERSIONS: Versions prior to 2026.2.14
---END_METADATA---
Description Summary:
A webhook routing vulnerability in OpenClaw's Google Chat monitor allows cross-account policy misrouting. Attackers can bypass allowlists by exploiting first-match request verification semantics.
Executive Summary:
OpenClaw Google Chat monitor is vulnerable to a critical policy bypass that allows attackers to misroute webhook events and bypass session security controls.
Vulnerability Details
CVE-ID: CVE-2026-28469
Affected Software: OpenClaw Google Chat monitor
Affected Versions: Versions prior to 2026.2.14
Vulnerability: The Google Chat monitor component contains a webhook routing flaw where multiple targets sharing the same HTTP path lead to context misrouting. An unauthenticated attacker can exploit "first-match" verification logic to force the system to process events under an incorrect account context, effectively bypassing session policies and allowlists.
Business Impact
This vulnerability compromises the multi-tenancy and access control integrity of the OpenClaw platform. An attacker could gain unauthorized access to data or trigger actions within another user's account context, leading to data leaks and unauthorized configuration changes. The CVSS score of 9.8 highlights the severity of this architectural failure in enforcing account isolation.
Remediation Plan
Immediate Action: Update the OpenClaw Google Chat monitor to version 2026.2.14 or later to resolve the webhook routing logic error.
Proactive Monitoring: Audit webhook delivery logs for requests that appear to be processed under mismatched account IDs or originate from unexpected sources.
Compensating Controls: Use unique, non-predictable HTTP paths for each webhook target to prevent path collisions and minimize the risk of misrouting.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Mar 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, the logic flaw is significant, and organizations using multi-tenant webhook configurations are at high risk.
Analyst Recommendation
The ability to bypass account-level security policies through routing manipulation is a critical security failure. Security teams must ensure that OpenClaw instances are updated to the patched version immediately. Furthermore, verify that all webhook configurations utilize unique identifiers to ensure robust isolation between different account contexts.
Update Google Chat monitor to the latest version. Monitor for exploitation attempts and review access logs.
OpenClaw versions 2026
OpenClaw versions 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026
OpenClaw versions prior to 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through tim...
OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually determine the authentication token.
---METADATA---
VENDOR: OpenClaw
PRODUCT: Multiple Products
AFFECTED_VERSIONS: Prior to 2026.2.12
CONFIDENCE: high
MISSING: none
---END_METADATA---
Description Summary:
OpenClaw uses non-constant-time string comparison for hook token validation, enabling remote attackers to infer tokens through timing side-channel attacks.
Executive Summary:
A timing side-channel vulnerability in OpenClaw allows remote attackers to perform unauthorized actions by gradually inferring authentication tokens through timing analysis.
Vulnerability Details
CVE-ID: CVE-2026-28464
Affected Software: OpenClaw Multiple Products
Affected Versions: Prior to 2026.2.12
Vulnerability: The vulnerability stems from the use of non-constant-time string comparison functions when validating hook authentication tokens. An unauthenticated remote attacker with network access to the hooks endpoint can measure the time taken for validation responses across multiple requests to reconstruct and eventually bypass the authentication mechanism.
Business Impact
By successfully inferring valid authentication tokens, an attacker can gain unauthorized access to sensitive hook endpoints. This compromises the integrity of automated workflows and potentially allows for further unauthorized actions within the system, justifying the critical 9.8 CVSS score.
Remediation Plan
Immediate Action: Upgrade all OpenClaw installations to version 2026.2.12 or later to implement constant-time comparison logic.
Proactive Monitoring: Monitor network logs for high volumes of repeated requests to the hooks endpoint, which may indicate an ongoing timing attack.
Compensating Controls: Implement rate limiting on the hooks endpoint to significantly slow down the speed at which an attacker can perform timing measurements, making the attack impractical.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Mar 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Timing attacks can be subtle and difficult to detect without specific monitoring. It is imperative to patch to version 2026.2.12 to ensure that token validation is resistant to side-channel analysis and to prevent unauthorized access.
Update OpenClaw versions Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
OpenClaw exec-approvals allowlist validation checks pre-expansion argv tokens but execution uses real shell expansion, allowing safe bins like head, t...
OpenClaw exec-approvals allowlist validation checks pre-expansion argv tokens but execution uses real shell expansion, allowing safe bins like head, tail, or grep to read arbitrary local files via glob patterns or environment variables
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026
OpenClaw versions prior to 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026
OpenClaw versions prior to 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in UTT HiPER 520 1
A security vulnerability has been detected in UTT HiPER 520 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw version 2026
OpenClaw version 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions 2026
OpenClaw versions 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026.2.2 fail to validate webhook secrets in Telegram webhook mode (must be enabled), allowing unauthenticated HTTP POST re...
OpenClaw versions prior to 2026.2.2 fail to validate webhook secrets in Telegram webhook mode (must be enabled), allowing unauthenticated HTTP POST requests to the webhook endpoint that trust attacker-controlled JSON payloads. Remote attackers can forge Telegram updates by spoofing message.from.id and chat.id fields to bypass sender allowlists and execute privileged bot commands.
---METADATA---
VENDOR: OpenClaw
PRODUCT: webhook mode
AFFECTED_VERSIONS: See vendor advisory for affected versions
CONFIDENCE: low
MISSING: versions, patch, exploit_status, technical_details
---END_METADATA---
Description Summary:
OpenClaw versions prior to 2026 contain a security vulnerability specifically related to the software's webhook mode.
Executive Summary:
A security flaw within the webhook mode of OpenClaw versions prior to 2026 poses a significant risk of unauthorized access or service disruption.
Vulnerability Details
CVE-ID: CVE-2026-28454
Affected Software: OpenClaw webhook mode
Affected Versions: See vendor advisory for affected versions
Vulnerability: This vulnerability affects the webhook processing functionality within OpenClaw. The specific technical mechanism and authentication requirements are currently unknown.
Business Impact
The CVSS score of 7.5 indicates a High severity risk. Successful exploitation of the webhook mode could facilitate remote command execution or data injection, threatening the security posture of systems integrated via webhooks.
Remediation Plan
Immediate Action: Verify the version of OpenClaw currently in use and apply the latest vendor-supplied security updates.
Proactive Monitoring: Monitor logs specifically for unusual webhook payloads or unexpected external requests hitting the application endpoints.
Compensating Controls: Restrict access to webhook endpoints using IP allowlisting or enhanced authentication tokens to limit the potential attack surface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 7, 2026, there is no public information indicating active exploitation of this vulnerability. The lack of specific technical details requires a proactive approach to patching.
Analyst Recommendation
Do not delay in reviewing your OpenClaw deployment. Prioritize the update of any systems utilizing the webhook feature to ensure the vulnerability is fully mitigated.
Update Telegram webhook mode to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026
OpenClaw versions prior to 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026
OpenClaw versions prior to 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions 2026
OpenClaw versions 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allo...
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inbound access controls by placing calls with missing caller IDs or numbers ending with allowlisted digits to reach the voice-call agent and execute tools.
---METADATA---
VENDOR: OpenClaw
PRODUCT: Voice-call extension
AFFECTED_VERSIONS: Prior to 2026.2.1
CONFIDENCE: high
MISSING: exploit_status, technical_details
---END_METADATA---
Description Summary:
An authentication bypass in OpenClaw's voice-call extension allows unauthenticated remote attackers to execute tools by manipulating caller ID validation logic.
Executive Summary:
A critical authentication bypass vulnerability in the OpenClaw voice-call extension allows unauthenticated remote attackers to execute unauthorized commands via manipulated caller ID inputs.
Vulnerability Details
CVE-ID: CVE-2026-28446
Affected Software: OpenClaw Voice-call extension
Affected Versions: Prior to 2026.2.1
Vulnerability: This vulnerability involves improper validation of inbound allowlist policies, where the system accepts empty caller IDs and utilizes insecure suffix-based matching. Unauthenticated remote attackers can exploit this flaw to bypass access controls and interact with the voice-call agent.
Business Impact
Successful exploitation allows unauthorized third parties to interact with internal voice-call agents, potentially leading to unauthorized tool execution and system compromise. Given the CVSS score of 9.8, this vulnerability poses a severe risk of data exfiltration or service disruption, necessitating immediate attention.
Remediation Plan
Immediate Action: Upgrade the OpenClaw voice-call extension to version 2026.2.1 or later to resolve the flawed caller ID validation logic.
Proactive Monitoring: Review voice-call logs for anomalous inbound call patterns, specifically those involving empty caller IDs or unexpected suffix matches.
Compensating Controls: Implement strict network-level ingress filtering to restrict access to the voice-call service to known, trusted IP ranges.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of March 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The severity of this flaw, combined with the ease of exploitation via simple input manipulation, makes this a high-priority remediation task. Administrators should prioritize upgrading to the patched version immediately to prevent unauthorized access to voice-call agent tools.
Update OpenClaw versions Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Talishar is a fan-made Flesh and Blood project
Talishar is a fan-made Flesh and Blood project
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Statmatic is a Laravel and Git powered content management system (CMS)
Statmatic is a Laravel and Git powered content management system (CMS)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Statmatic is a Laravel and Git powered content management system (CMS)
Statmatic is a Laravel and Git powered content management system (CMS)
---METADATA---
VENDOR: Statamic
PRODUCT: Statamic CMS
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Statamic CMS, built on Laravel and Git, is vulnerable to a high-severity security flaw that could compromise the integrity of the content management system.
Executive Summary:
A significant security vulnerability in Statamic CMS poses a high risk of unauthorized system access and data manipulation within the Laravel-based environment.
Vulnerability Details
CVE-ID: CVE-2026-28425
Affected Software: Statamic Statamic CMS
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability impacts Statamic CMS. With a CVSS score of 8.0, the flaw likely facilitates significant unauthorized actions, possibly through improper input handling or session management, allowing attackers to interact with the system at an elevated privilege level.
Business Impact
A successful exploit could lead to the unauthorized disclosure of sensitive information or the alteration of critical website content. The CVSS score of 8.0 reflects a high level of risk to business continuity and data integrity, particularly for organizations relying on Statamic for public-facing web services.
Remediation Plan
Immediate Action: Apply the vendor-provided security patches for Statamic CMS immediately to mitigate the risk of exploitation.
Proactive Monitoring: Regularly audit the Git repository associated with the CMS for unauthorized commits or unexpected changes to configuration files.
Compensating Controls: Deploy a Web Application Firewall (WAF) to detect and block suspicious traffic patterns targeting Laravel-based applications.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, the high-severity rating indicates that the flaw is serious and requires prompt remediation.
Analyst Recommendation
The severity of this vulnerability requires an immediate response to protect the web application environment. It is strongly recommended that administrators apply the latest security updates to Statamic CMS to prevent unauthorized access and potential data compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: gVectors Team
PRODUCT: wpForo Plugin
AFFECTED_VERSIONS: wpForo 2; See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
The wpForo 2 forum plugin for WordPress contains a high-severity vulnerability that could lead to unauthorized database access or system compromise.
Executive Summary:
A high-severity vulnerability in the wpForo 2 plugin for WordPress poses a significant risk to forum data and overall site security.
Vulnerability Details
CVE-ID: CVE-2026-28562
Affected Software: gVectors Team wpForo Plugin
Affected Versions: wpForo 2; See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the wpForo 2 forum plugin. With a CVSS score of 8.2, the flaw likely involves a critical failure in input sanitization or authorization checks, potentially allowing an attacker to manipulate the WordPress database or perform actions on behalf of other users.
Business Impact
The exploitation of this flaw could result in the theft of user credentials, unauthorized access to private forum discussions, or the modification of site content. The CVSS score of 8.2 indicates a high severity, as it threatens both the privacy of forum members and the operational integrity of the WordPress site.
Remediation Plan
Immediate Action: Update the wpForo plugin to the latest available version immediately through the WordPress dashboard.
Proactive Monitoring: Review WordPress user logs for unauthorized administrative actions or the creation of suspicious new user accounts with elevated privileges.
Compensating Controls: Implement a WAF with specific rules to protect WordPress plugins and ensure that database user permissions follow the principle of least privilege.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 1, 2026, there is no public information indicating active exploitation of this vulnerability. Given the popularity of wpForo, this vulnerability represents a significant risk to many community-driven websites.
Analyst Recommendation
Administrators of WordPress sites running the wpForo plugin must apply the latest security updates immediately. The high CVSS score underscores the urgency of this remediation to prevent potential data breaches and unauthorized access.