Cyjhhh

#6998of 53,630
39Total CVSS
Vulnerabilities · 5
Medium
1
High
4
PT-2026-35776
7.3
2026-04-07
Openclaw · Openclaw · CVE-2026-41392
**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.31 **Description** An exec allowlist bypass allows attackers to inherit allowlist trust through shell init-file wrapper invocations. By utilizing shell options such as `--rcfile`, `--init-file`, and `--startup-file`, attackers can load initialization files of their choice, bypassing the matching restrictions of the exec allowlist. **Recommendations** Update to version 2026.3.31.
PT-2026-35767
5.4
2026-04-03
Openclaw · Openclaw · CVE-2026-41382
**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.31 **Description** An authorization bypass exists in the Discord voice ingress. This issue allows attackers to circumvent channel and member allowlist restrictions by exploiting improper channel name validation and gaps in stale-role validation, leading to unauthorized access to restricted voice channels. **Recommendations** Update to version 2026.3.31.
PT-2026-31958
8.8
2026-03-26
Openclaw · Openclaw · CVE-2026-35643
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw contains an unvalidated WebView JavascriptInterface issue. Attackers can inject arbitrary instructions via untrusted pages, invoking the canvas bridge to execute malicious code within the Android application context. Recommendations Update to version 2026.3.22 or later.
PT-2025-34274
8.7
2025-08-21
Pyload · Pyload · CVE-2025-57751
**Name of the Vulnerable Software and Affected Versions:** pyLoad versions prior to 0.5.0b3.dev92 **Description:** The `jk` parameter in the pyLoad CNL Blueprint lacks proper verification. This allows a user-supplied `jk` parameter to be directly passed to `dykpy.evaljs()`, leading to full server CPU utilization and rendering the web-ui unresponsive. The vulnerable code is located in `cnl blueprint.py` and `misc.py`. The `/flash/addcrypted2` API endpoint is affected. The `jk` parameter is vulnerable. **Recommendations:** Update pyLoad to version 0.5.0b3.dev92 or later.
PT-2025-32592
8.8
2025-08-11
Pyload · Pyload · CVE-2025-55156
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev91 Description: pyLoad, a free and open-source Download Manager written in pure Python, contains a SQL Injection issue in the `add links` parameter of the `/json/add package` API endpoint. This allows attackers to modify or delete data within the database, potentially leading to data errors or loss. Recommendations: Update to version 0.5.0b3.dev91 or later.