Zou Dikai

#9294of 53,639
29.4Total CVSS
Vulnerabilities · 5
Medium
5
PT-2026-37382
5.3
2026-04-29
Gnutls · Gnutls · CVE-2026-42015
**Name of the Vulnerable Software and Affected Versions** gnutls versions prior to 3.8.13-1.1 **Description** No detailed information was provided regarding the nature of the security issues fixed in this package. **Recommendations** Update to version 3.8.13-1.1.
PT-2026-34709
6.5
2026-04-23
Openclaw · Openclaw · CVE-2026-41908
**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.20 **Description** A scope enforcement bypass exists in the 'assistant-media' route. This allows trusted-proxy callers who lack the `operator.read` scope to bypass identity-bearing HTTP auth path scope validation. Consequently, unauthorized users can access protected assistant-media files and metadata, enabling the retrieval of sensitive media content within allowed media roots. **Recommendations** Update to version 2026.4.20.
PT-2026-33823
5.8
2026-04-17
Openclaw · Openclaw · CVE-2026-41389
**Name of the Vulnerable Software and Affected Versions** OpenClaw versions 2026.4.7 through 2026.4.14 **Description** Failure to enforce local-root containment on tool-result media paths allows arbitrary local and UNC (Universal Naming Convention, a standard for specifying network shares) file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially disclosing sensitive files or exposing credentials. **Recommendations** Update to version 2026.4.15.
PT-2026-31812
5.3
2026-04-09
Libidn2 · Libidn2 · CVE-2026-5772
**Name of the Vulnerable Software and Affected Versions** versions prior to 2.3 **Description** A 1-byte stack buffer over-read exists in the `MatchDomainName` function (src/internal.c) during wildcard hostname validation when the `LEFT MOST WILDCARD ONLY` flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, potentially causing a crash. **Recommendations** Update to version 2.3 or later.
PT-2026-31813
6.5
2026-04-09
Wolfssl · Wolfssl · CVE-2026-5778
**Name of the Vulnerable Software and Affected Versions** wolfSSL versions 5.9.0 and earlier **Description** An integer underflow in the packet sniffer component of wolfSSL versions 5.9.0 and earlier can lead to a program crash. This occurs in the AEAD decryption path when processing malformed TLS Application Data records. Specifically, injecting a TLS record shorter than the expected length can trigger the underflow, resulting in a large out-of-bounds read during AEAD decryption. This can be exploited remotely by an unauthenticated attacker. **Recommendations** Update wolfSSL to a version later than 5.9.0.