zsx

6 exploits Active since Feb 2018
CVE-2026-43531 (Severity: HIGH)
OpenClaw < 2026.4.9 - Environment Variable Injection via Workspace .env File
OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise application behavior.
CVSS 7.3
CVE-2026-43534 (Severity: CRITICAL)
OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events
OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.
CVSS 9.1
CVE-2026-43535 (Severity: MEDIUM)
OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches
OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a more privileged sender's context, causing earlier messages to execute with elevated permissions.
CVSS 6.8
CVE-2026-43571 (Severity: HIGH)
OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup
OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-time plugin loading.
CVSS 8.8
CVE-2026-43573 (Severity: HIGH)
OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes
OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement.
CVSS 7.7
CVE-2018-6656 (Severity: MEDIUM)
Zblogcn Z-blogphp - CSRF
Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories.
CVSS 6.5