category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.3	CVE-2026-53848	OpenClaw < 2026.5.26 - Exec Allowlist Bypass via Transparent Command Wrappers_CVE-2026-53848 OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects ou...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
MEDIUM 5.3	CVE-2026-53847	OpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write Scope_CVE-2026-53847 OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 7	CVE-2026-53846	OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath_CVE-2026-53846 OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpa...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
LOW 2.3	CVE-2026-53845	OpenClaw < 2026.5.6 - Skill-Command Dispatch Hook Bypass via Before-Tool-Call Hook Skipping_CVE-2026-53845 OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call ...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
MEDIUM 6	CVE-2026-53844	OpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search_CVE-2026-53844 OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to acc...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 8.7	CVE-2026-53843	OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session_CVE-2026-53843 OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node toke...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 7	CVE-2026-53842	OpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment Variable_CVE-2026-53842 OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selecti...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
LOW 2.1	CVE-2026-53841	OpenClaw < 2026.5.12 - Cross-Site Scripting via Unsafe Markdown Links in Exported Session HTML_CVE-2026-53841 OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links ...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
MEDIUM 6	CVE-2026-53840	OpenClaw < 2026.5.12 - Custom Header Leakage via MCP Streamable HTTP Cross-Origin Redirects_CVE-2026-53840 OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom ...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 7.8	CVE-2026-50656	Microsoft Defender Elevation of Privilege Vulnerability_CVE-2026-50656 {“lastseen”:””,”description”:””,”published”:”2026-06-16T18:01:33.601Z”,&#82...	Microsoft	Microsoft Malware Protection Engine -	Jun 16, 2026	CVE