category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-53836	OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases_CVE-2026-53836 OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encode...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
LOW 2.3	CVE-2026-53835	OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings_CVE-2026-53835 OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated sende...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
HIGH 8.2	CVE-2026-53834	OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands_CVE-2026-53834 OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to ...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
HIGH 7.4	CVE-2026-53833	OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command_CVE-2026-53833 OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate...	QQBot	QQBot	Jun 12, 2026	CVE
HIGH 7.4	CVE-2026-53832	OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration_CVE-2026-53832 OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity hea...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
HIGH 7.6	CVE-2026-53831	OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist_CVE-2026-53831 OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to mo...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
MEDIUM 6	CVE-2026-53830	OpenClaw < 2026.4.22 - Webhook Secret Revocation Bypass via secrets.reload_CVE-2026-53830 OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to rem...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
HIGH 8.5	CVE-2026-53829	OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display_CVE-2026-53829 OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approver...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
HIGH 7.7	CVE-2026-53828	OpenClaw < 2026.5.6 - Native Command Authorization Bypass via Owner-Command Enforcement_CVE-2026-53828 OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute own...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
MEDIUM 6	CVE-2026-53827	OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding_CVE-2026-53827 OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward...	OpenClaw	OpenClaw	Jun 12, 2026	CVE