VulnScope — package-centric CVE lookup

Search

62,766 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM5.8CVE-2026-55591Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints6/18/2026
CRITICAL9.8gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)6/18/2026
—OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state6/18/2026
MEDIUM5.4OpenClaw: Empty-scope device re-pairing could confuse caller scope containment6/18/2026
HIGH7.1OpenClaw: Workspace-derived service PATH could influence trash command selection6/18/2026
HIGH7.1OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots6/18/2026
HIGH8.1OpenClaw: Discord allowFrom could bind to mutable display names6/18/2026
—OpenClaw: Focus command could miss controlScope enforcement6/18/2026
HIGH7.1OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install6/18/2026
HIGH7.1OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns6/18/2026
MEDIUM4.2OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers6/18/2026
MEDIUM6.5OpenClaw: memory-wiki shared search could miss session visibility checks6/18/2026
MEDIUM5.5OpenClaw: Config recovery could restore openclaw.json with broad file permissions6/18/2026
HIGH8.1OpenClaw: Zalo allowFrom could bind to mutable display names6/18/2026
MEDIUM4.3OpenClaw: Skill-command dispatch could skip before-tool-call hooks6/18/2026
—OpenClaw: Active Memory write scope could mutate global config6/18/2026
MEDIUM6.1OpenClaw: Exported session HTML could keep unsafe markdown links6/18/2026
MEDIUM5.3OpenClaw: Slack reaction events could ignore reaction notification settings6/18/2026
MEDIUM4.2OpenClaw: Bootstrap token replay could widen pending pairing scopes6/18/2026
HIGH8.1OpenClaw: Shell positional parameters could weaken strict inline-eval checks6/18/2026
MEDIUM6.5OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently6/18/2026
MEDIUM4.3OpenClaw: Exec allowlist could miss side effects from transparent command wrappers6/18/2026
LOW3.1BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing6/18/2026
MEDIUM5.3BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-102846/18/2026
MEDIUM6.6OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags6/18/2026

Page 1 of 2511Next →