CVE.report search for "CVE-2026-25456"
Listed below are 50 relevant search results for "CVE-2026-25456" based on Vendor, Software, and CVE description.
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-41909 | | | OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows li... |
| CVE-2026-41908 | | | OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-... |
| CVE-2026-41894 | | | SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denyli... |
| CVE-2026-41679 | Paperclip | Paperclipai | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416... |
| CVE-2026-41426 | | | pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails... |
| CVE-2026-41389 | | | OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbit... |
| CVE-2026-41372 | | | OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass o... |
| CVE-2026-41371 | | | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers... |
| CVE-2026-41370 | | | OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary fil... |
| CVE-2026-41369 | | | OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter ... |
| CVE-2026-41368 | | | OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to b... |
| CVE-2026-41367 | | | OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and... |
| CVE-2026-41366 | | | OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows m... |
| CVE-2026-41365 | | | OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. ... |
| CVE-2026-41364 | | | OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers t... |
| CVE-2026-41363 | | | OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInpu... |
| CVE-2026-41362 | | | OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-ded... |
| CVE-2026-41361 | | | OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attac... |
| CVE-2026-41360 | | | OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands co... |
| CVE-2026-41359 | | | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissio... |
| CVE-2026-41358 | | | OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter... |
| CVE-2026-41357 | | | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsa... |
| CVE-2026-41356 | | | OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously... |
| CVE-2026-41355 | | | OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox ... |
| CVE-2026-41354 | | | OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitima... |
| CVE-2026-41353 | | | OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers ... |
| CVE-2026-41352 | | | OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope... |
| CVE-2026-41351 | | | OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 a... |
| CVE-2026-41350 | | | OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session_status function fails to enfor... |
| CVE-2026-41349 | | | OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution ... |
| CVE-2026-41348 | | | OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that... |
| CVE-2026-41347 | | | OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, al... |
| CVE-2026-41346 | | | OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing a... |
| CVE-2026-41345 | | | OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authoriz... |
| CVE-2026-41344 | | | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped ga... |
| CVE-2026-41343 | | | OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to c... |
| CVE-2026-41342 | | | OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists un... |
| CVE-2026-41341 | | | OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct mes... |
| CVE-2026-41340 | | | OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorre... |
| CVE-2026-41339 | | | OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authentic... |
| CVE-2026-41338 | | | OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers... |
| CVE-2026-41337 | | | OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers ... |
| CVE-2026-41336 | | | OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabli... |
| CVE-2026-41335 | | | OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that expos... |
| CVE-2026-41334 | | | OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixe... |
| CVE-2026-41333 | | | OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent s... |
| CVE-2026-41332 | | | OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_F... |
| CVE-2026-41331 | Openclaw | Openclaw | OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows... |
| CVE-2026-41330 | Openclaw | Openclaw | OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly ... |
| CVE-2026-41329 | Openclaw | Openclaw | OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat con... |