CVE.report search for "CVE-2026-32194"
Listed below are 50 relevant search results for "CVE-2026-32194" based on Vendor, Software, and CVE description.
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-42432 | | | OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exe... |
| CVE-2026-42431 | | | OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persi... |
| CVE-2026-42430 | | | OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows att... |
| CVE-2026-42429 | | | OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism th... |
| CVE-2026-42428 | | | OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install... |
| CVE-2026-42427 | | | OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entri... |
| CVE-2026-42426 | | | OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator... |
| CVE-2026-42424 | | | OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel loc... |
| CVE-2026-42423 | | | OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval req... |
| CVE-2026-42422 | | | OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens ... |
| CVE-2026-42421 | | | OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway... |
| CVE-2026-42420 | | | OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing deco... |
| CVE-2026-42249 | | | Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attack... |
| CVE-2026-41916 | | | OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes sta... |
| CVE-2026-41915 | | | OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec o... |
| CVE-2026-41914 | | | OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF... |
| CVE-2026-41913 | | | OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent async... |
| CVE-2026-41912 | | | OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger nav... |
| CVE-2026-41911 | | | OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file r... |
| CVE-2026-41910 | | | OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channel allowlist writes in the /allowlist endpoint. An autho... |
| CVE-2026-41909 | Openclaw | Openclaw | OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows li... |
| CVE-2026-41908 | Openclaw | Openclaw | OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-... |
| CVE-2026-41894 | | | SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denyli... |
| CVE-2026-41679 | Paperclip | Paperclipai | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416... |
| CVE-2026-41426 | Pretalx | Pretalx | pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails... |
| CVE-2026-41408 | | | OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability in media downloads that bypasses core safety limits fo... |
| CVE-2026-41407 | | | OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early l... |
| CVE-2026-41406 | | | OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted ... |
| CVE-2026-41405 | | | OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performing JWT validation, allowing unauthenticated a... |
| CVE-2026-41404 | | | OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allow... |
| CVE-2026-41403 | | | OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteV... |
| CVE-2026-41402 | | | OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticat... |
| CVE-2026-41400 | | | OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket... |
| CVE-2026-41399 | | | OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget a... |
| CVE-2026-41398 | | | OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-n... |
| CVE-2026-41397 | | | OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through... |
| CVE-2026-41396 | | | OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, comp... |
| CVE-2026-41395 | | | OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query... |
| CVE-2026-41394 | | | OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes recei... |
| CVE-2026-41393 | | | OpenClaw before 2026.3.31 contains a wide-area discovery vulnerability allowing arbitrary tailnet peers to be accepted as DNS... |
| CVE-2026-41392 | | | OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via s... |
| CVE-2026-41391 | | | OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution c... |
| CVE-2026-41390 | | | OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr... |
| CVE-2026-41389 | Openclaw | Openclaw | OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbit... |
| CVE-2026-41388 | | | OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settin... |
| CVE-2026-41387 | | | OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-po... |
| CVE-2026-41386 | | | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended... |
| CVE-2026-41385 | | | OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in configuration, allowing exposure through config.get method ... |
| CVE-2026-41384 | | | OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows atta... |
| CVE-2026-41383 | | | OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delet... |