Christopher Lusk

#9909of 53,633
27.8Total CVSS
Vulnerabilities · 4
Medium
2
High
2
PT-2026-48707
5.3
2026-06-11
Vim · Vim · CVE-2026-47167
**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.2.0496 **Description** A code injection issue exists in the `s:stepmatch()` function within the cucumber filetype plugin (`runtime/ftplugin/cucumber.vim`) for builds with +ruby support. Step-definition patterns read from `.rb` files in the `features/*/` or `stories/*/` directories are embedded into a Ruby `Kernel.eval` argument without sufficient escaping. This allows a crafted pattern in an attacker-controlled repository to execute arbitrary Ruby code and shell commands when a user invokes a step-jump mapping ([d, ]d). **Recommendations** Update to version 9.2.0496.
PT-2026-46192
7.2
2026-06-04
Red Hat · Openshift Cloud Credential Operator · CVE-2026-10843
**Name of the Vulnerable Software and Affected Versions** OpenShift Cloud Credential Operator (affected versions not specified) **Description** A flaw exists in the Mint-mode IAM policies for AWS within the OpenShift Cloud Credential Operator. Operator credentials are provisioned with account-wide scope for destructive actions instead of being restricted to cluster-owned resources. This configuration allows for cross-scope impact if credentials are compromised. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-35558
6.5
2026-04-27
Openclaw · Openclaw · CVE-2026-41370
**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.31 **Description** A path traversal issue exists in the ACP dispatch component. This allows remote attackers to read arbitrary files by manipulating inbound channel attachment paths, bypassing the root directory checks and the attachment-cache. **Recommendations** Update to version 2026.3.31.
PT-2026-35787
8.8
2026-04-03
Openclaw · Openclaw · CVE-2026-41404
**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.31 **Description** An incomplete scope-clearing issue exists in trusted-proxy authentication mode, enabling operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, which allows self-declared scopes to persist on identity-bearing authentication paths. **Recommendations** Update to version 2026.3.31.