HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7	CVE-2026-53858	OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable_CVE-2026-53858 OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence bundled runt...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 8.6	CVE-2026-53857	OpenClaw < 2026.5.3 - Mutable Display Name Binding in Zalo allowFrom Policy_CVE-2026-53857 OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match allowFrom policy...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 7.6	CVE-2026-53855	OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks_CVE-2026-53855 OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell ...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 7.6	CVE-2026-53853	OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS_CVE-2026-53853 OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed argument...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 8.6	CVE-2026-53849	OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Discord Display Names in allowFrom_CVE-2026-53849 OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity us...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 7	CVE-2026-53846	OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath_CVE-2026-53846 OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpa...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 8.7	CVE-2026-53843	OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session_CVE-2026-53843 OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node toke...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 7	CVE-2026-53842	OpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment Variable_CVE-2026-53842 OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selecti...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 7.8	CVE-2026-50656	Microsoft Defender Elevation of Privilege Vulnerability_CVE-2026-50656 {“lastseen”:””,”description”:””,”published”:”2026-06-16T18:01:33.601Z”,&#82...	Microsoft	Microsoft Malware Protection Engine -	Jun 16, 2026	CVE
HIGH 7.8	CVE-2026-47964	DNG SDK \| Heap-based Buffer Overflow (CWE-122)_CVE-2026-47964 DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in...	Adobe	DNG SDK	Jun 16, 2026	CVE