Nedlir

**Name of the Vulnerable Software and Affected Versions** keystonejs keystone versions prior to 20260319 **Description** A remote resource consumption issue exists within the GraphQL API Endpoint component, specifically affecting the library `packages/core/src/lib/core/queries/output-field.ts`. This allows a remote attacker to manipulate the system, leading to excessive resource usage. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PrefectHQ prefect versions prior to 3.6.22 **Description** Improper authentication in the Health Check API allows a remote attacker to perform a manipulation. This issue specifically impacts the `endswith()` function within the '/api/health' endpoint. **Recommendations** Update to version 3.6.22.

**Name of the Vulnerable Software and Affected Versions** PrefectHQ prefect versions prior to 3.6.25.dev7 **Description** An argument injection issue exists in the GitRepository Pull Handler component within the `src/prefect/runner/storage.py` file. Remote attackers can exploit this by manipulating the `commit sha` or `directories` arguments. **Recommendations** Upgrade to version 3.6.25.dev7.

**Name of the Vulnerable Software and Affected Versions** PrefectHQ prefect versions prior to 3.6.28.dev2 **Description** A time-of-check time-of-use (TOCTOU) issue exists in the `validate restricted url()` function of the Webhook/Notification component. This flaw allows a remote attacker to manipulate the system, although the attack is characterized by high complexity and is difficult to exploit. **Recommendations** Update to version 3.6.28.dev2.

**Name of the Vulnerable Software and Affected Versions** PrefectHQ prefect versions prior to 3.6.14 **Description** A flaw in the WebSocket Endpoint component allows a remote attacker to perform a manipulation that leads to missing authentication. The issue is located within the '/api/events/in' endpoint. **Recommendations** Upgrade to version 3.6.14.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.19 **Description** The software contains a command injection issue within the `tools.exec.safeBins` component. This allows attackers to bypass restrictions intended for stdin-only operations. Specifically, the use of sort output flags or recursive grep flags can be exploited. Attackers can perform arbitrary file writes using `sort -o` or recursive file reads using `grep -R`, effectively circumventing the safe-bin execution restrictions. **Recommendations** Update to version 2026.2.19 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.23 **Description** The software contains an authorization bypass issue in the ACP client. The client auto-approves tool calls based on untrusted `toolCall.kind` metadata and permissive name heuristics. Attackers can bypass interactive approval prompts for read-class operations by spoofing tool metadata or using non-core read-like names to reach auto-approve paths. **Recommendations** Update OpenClaw to version 2026.2.23 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions 2026.2.19-2 **Description** A flaw exists in the `applySkillConfigenvOverrides` function within the Skill Env Handler component. This issue allows for code injection when a manipulation is executed remotely. The issue arises because the function copies `skills.entries.*.env` values into the host `process.env` without applying host environment safety policies, potentially allowing injection of dangerous process-level variables like `NODE OPTIONS`. An attacker must be able to modify OpenClaw local state or configuration to set `skills.entries.<skill>.env` or related skill config values. **Recommendations** Upgrade to OpenClaw version 2026.2.21-beta.1 to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.19 **Description** The `tools.exec.safeBins` component contains an input validation bypass that allows attackers to execute unintended filesystem operations. Specifically, the issue arises when using `sort` output flags (like `-o` or `--output`) or recursive `grep` flags. Attackers with command execution access can exploit this to perform arbitrary file writes using the `sort -o` flag or recursive file reads using the `grep -R` flag, bypassing the intended stdin-only restrictions. The affected component, `tools.exec.safeBins`, allows for filesystem access when these flags are enabled within safe-bin execution paths. **Recommendations** Update to OpenClaw version 2026.2.19 or later.

**Name of the Vulnerable Software and Affected Versions** eBay API MCP Server (all versions) **Description** An environment variable injection issue exists in the `updateEnvFile` function located in `src/auth/oauth.ts`. The `ebay set user tokens` tool allows updating the `.env` file with new tokens, but the `updateEnvFile` function appends or replaces values without validating them for quotes or newlines. This lack of sanitization enables an attacker to inject arbitrary environment variables into the configuration file. Potential impacts include configuration overwrites, such as hijacking OAuth flows by modifying `EBAY REDIRECT URI`, Denial of Service by injecting invalid configurations, and Remote Code Execution (RCE) by controlling variables like `NODE OPTIONS`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `ebay set user tokens` tool and the `updateEnvFile` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.19-beta.1 **Description** An issue exists in OpenClaw related to information disclosure within the `tools.exec.safeBins` function of the File Existence Handler component. Manipulation of this function can lead to information exposure through discrepancy, requiring local access for exploitation. The issue involves a file-existence oracle where command behavior differs based on whether a file exists on the host filesystem, allowing attackers to probe for file presence and potentially enumerate the filesystem. **Recommendations** Upgrade to version 2026.2.19-beta.1 or later to address this issue.

**Name of the Vulnerable Software and Affected Versions** Fabric.js versions prior to 7.2.0 **Description** Fabric.js is a Javascript HTML5 canvas library susceptible to a stored cross-site scripting (XSS) issue during SVG export. The library applies `escapeXml()` to text content during SVG export but does not apply it to other user-controlled string values interpolated into SVG attribute markup. When attacker-controlled JSON is loaded via the `loadFromJSON()` function and subsequently exported using `toSVG()`, unescaped values can break out of XML attributes and inject arbitrary SVG elements, including event handlers. Applications accepting user-supplied JSON through `loadFromJSON()`, collaborative sharing, import features, or CMS plugins, and rendering the `toSVG()` output in a browser context (such as SVG previews, export downloads rendered in-page, or email templates) are potentially vulnerable. An attacker could execute arbitrary JavaScript in the victim’s browser session. The vulnerable code is located in `src/shapes/Text/TextSVGExportMixin.ts:186`. **Recommendations** Versions prior to 7.2.0 should be updated to version 7.2.0 or later.

**Name of the Vulnerable Software and Affected Versions** WebErpMesv2 versions prior to 1.19 **Description** WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Versions prior to 1.19 contain a file upload validation bypass in multiple controllers. This allows authenticated users to upload arbitrary files, including PHP scripts, potentially leading to Remote Code Execution (RCE). The issue is similar to another reported problem but exists in different code locations. **Recommendations** Update to version 1.19 or later.

**Name of the Vulnerable Software and Affected Versions** WebErpMesv2 versions prior to 1.19 **Description** The WebErpMesv2 application lacks authentication middleware for multiple sensitive API endpoints. This allows an unauthenticated remote attacker to read business-critical data, including companies, quotes, orders, tasks, and whiteboards. Limited write access permits the creation of company records and full manipulation of collaboration whiteboards. The affected API endpoints include those for accessing company data, quotes, orders, tasks, and whiteboards. **Recommendations** Update to version 1.19 or later.

**Name of the Vulnerable Software and Affected Versions** Tendenci versions 15.3.11 and earlier **Description** Tendenci, an open source content management system, has a critical deserialization issue in the Helpdesk module. An authenticated user with staff security level can achieve Remote Code Execution (RCE) due to the use of Python's pickle module in the helpdesk /reports/ functionality. The original vulnerability, addressed by CVE-2020-14942, was incompletely patched. While the `ticket list()` function was updated to use safe JSON deserialization, the `run report()` function continues to use the unsafe `pickle.loads()` function. The impact of a successful exploit is limited to the permissions of the user account running the application, typically `www-data`. The `run report()` function is located in `tendenci/apps/helpdesk/views/staff.py`. **Recommendations** Update Tendenci to version 15.3.12 or later.