category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.7	CVE-2026-53828	OpenClaw < 2026.5.6 - Native Command Authorization Bypass via Owner-Command Enforcement_CVE-2026-53828 OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute own...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
MEDIUM 6	CVE-2026-53827	OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding_CVE-2026-53827 OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
LOW 2.3	CVE-2026-53826	OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn_CVE-2026-53826 OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to ch...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
HIGH 7.1	CVE-2026-53825	OpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write Scope_CVE-2026-53825 OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operator...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
MEDIUM 6	CVE-2026-53824	Mattermost < 2026.4.24 - Slash Token Revocation Lag via Monitor Refresh Delay_CVE-2026-53824 OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands durin...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
HIGH 8.6	CVE-2026-53823	OpenClaw < 2026.5.3 - Privilege Escalation via Mutable Slack Display Names in allowFrom_CVE-2026-53823 OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attacker...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-53822	OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution_CVE-2026-53822 OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attacker...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-53821	OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket_CVE-2026-53821 OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorizatio...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-53820	OpenClaw < 2026.5.12 - Exec Denylist Bypass in Bundle MCP Loopback Session Spawn_CVE-2026-53820 OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated ca...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
MEDIUM 5.5	CVE-2025-7019	Avast antivirus stack overflow when scanning a malformed Office Open XML file_CVE-2025-7019 Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivirus process...	Gen Digital	Avast Antivirus	Jun 12, 2026	CVE