CVSS 3.1: 7.8

CVE-2026-25157 - OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the …

📅 Published: Feb. 4, 2026, 7:55 p.m. 🔄 Last Modified: April 18, 2026, 2 p.m.

CVSS 3.1: 6.5

CVE-2026-25475 - OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil…

📅 Published: Feb. 4, 2026, 7:55 p.m. 🔄 Last Modified: April 17, 2026, 11:30 p.m.

CVSS 3.1: 8.8

CVE-2026-25161 - Alist vulnerable to Path Traversal in multiple file operation handlers

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains a path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal seq…

📅 Published: Feb. 4, 2026, 7:40 p.m. 🔄 Last Modified: April 17, 2026, 11:30 p.m.

CVSS 3.1: 9.1

CVE-2026-25160 - Alist has Insecure TLS Config

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle (MitM) attacks. This …

📅 Published: Feb. 4, 2026, 7:40 p.m. 🔄 Last Modified: April 17, 2026, 11:30 p.m.

CVSS 3.1: 8.4

CVE-2026-24884 - Compressing Vulnerable to Arbitrary File Write via Symlink Extraction

Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an attacker can cause …

📅 Published: Feb. 4, 2026, 7:35 p.m. 🔄 Last Modified: April 18, 2026, 2 p.m.

CVSS 3.1: 5.5

CVE-2026-25145 - melange has a path traversal in license-path which allows reading files outside workspace

melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file (e.g., through pull request-driven CI or build-as-a-service scenarios) could read arbitrary files from the host system. The Licens…

📅 Published: Feb. 4, 2026, 7:32 p.m. 🔄 Last Modified: April 18, 2026, 2 p.m.

CVSS 3.1: 7.8

CVE-2026-25143 - melange affected by potential host command execution via license-check YAML mode patch pipeline

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derive…

📅 Published: Feb. 4, 2026, 7:32 p.m. 🔄 Last Modified: April 17, 2026, 11:30 p.m.

CVSS 3.1: 7.8

CVE-2026-24844 - melange pipeline working-directory could allow command injection

melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses ${{vars.*}} or ${{inputs.*}} substitutions in…

📅 Published: Feb. 4, 2026, 7:31 p.m. 🔄 Last Modified: April 17, 2026, 11:30 p.m.

CVSS 3.1: 8.2

CVE-2026-24843 - melange QEMU runner could write files outside workspace directory

melange allows users to build apk packages using declarative pipelines. From version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries w…

📅 Published: Feb. 4, 2026, 7:31 p.m. 🔄 Last Modified: April 17, 2026, 11:30 p.m.

CVSS 3.1: 6.5

CVE-2025-68699 - NanoMQ $share/ Subscription Validation and Forwarding Parsing Inconsistency: NULL Pointer Increment…

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). A malformed SUBSCRIBE topic such as $share/ab (missing the second /) is not strictly validated during the s…

📅 Published: Feb. 4, 2026, 7:25 p.m. 🔄 Last Modified: Feb. 20, 2026, 9:20 p.m.
Total results: 347960