Writeup Exploits

62,891 exploits tracked across all sources.

Sort: Activity Stars
CVE-2026-44109 WRITEUP CRITICAL
OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation
OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling attackers to bypass signature verification and replay protection to execute arbitrary commands.
CVSS 9.8
CVE-2026-44110 WRITEUP HIGH
OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store
OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms, potentially enabling privileged OpenClaw behavior.
CVSS 8.8
CVE-2026-44111 WRITEUP MEDIUM
OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get
OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown paths to read files outside canonical memory locations or indexed QMD result sets.
CVSS 4.3
CVE-2026-44112 WRITEUP CRITICAL
OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.
CVSS 9.6
CVE-2026-44113 WRITEUP HIGH
OpenClaw < 2026.4.22 - Time-of-Check/Time-of-Use Race Condition in OpenShell FS Bridge
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows attackers to read files outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and access unauthorized file contents.
CVSS 7.7
CVE-2026-44114 WRITEUP HIGH
OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv
OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAW_GIT_DIR to manipulate trusted OpenClaw runtime behavior during source-update or installer flows.
CVSS 7.8
CVE-2026-44115 WRITEUP HIGH
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist
OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime.
CVSS 8.8
CVE-2026-44116 WRITEUP HIGH
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation
OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthorized access to internal resources.
CVSS 8.6
CVE-2026-44117 WRITEUP MEDIUM
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests.
CVSS 5.8
CVE-2026-44118 WRITEUP HIGH
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header
OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata.
CVSS 7.8
CVE-2018-13782 WRITEUP HIGH
EnterCoin - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13783 WRITEUP HIGH
JiucaiToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for JiucaiToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13797 WRITEUP CRITICAL
node-macaddress < 0.2.9 - OS Command Injection via Unsanitized Input to exec Call
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
CVSS 9.8
CVE-2018-13818 WRITEUP CRITICAL
symfony/twig < 2.4.4 - Server-Side Template Injection via search_key Parameter
Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it
CVSS 9.8
CVE-2018-13836 WRITEUP HIGH
Rocket Coin - Integer Overflow in multiTransfer Function
An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS 7.5
CVE-2018-13982 WRITEUP HIGH
Smarty < 3.1.33 - Path Traversal via Trusted Resource Directory Bypass
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
CVSS 7.5
CVE-2018-14002 WRITEUP HIGH
MP3 Coin - Integer Overflow in Distribute Function
An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS 7.5
CVE-2018-14003 WRITEUP HIGH
WeMediaChain - Memory Corruption
An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS 7.5
CVE-2018-14004 WRITEUP HIGH
GlobeCoin - Integer Overflow in transfer_tokens_after_ICO Function
An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS 7.5
CVE-2018-14005 WRITEUP HIGH
Malaysia coins (Xmc) - Code Injection
An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS 7.5
CVE-2018-14006 WRITEUP HIGH
Neo Genesis Token - Buffer Overflow
An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS 7.5
CVE-2018-14009 WRITEUP CRITICAL
Codiad < 2.8.4 - Remote Code Execution
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
CVSS 9.8
CVE-2018-14055 WRITEUP MEDIUM
ZNC <1.7.1-rc1 - Privilege Escalation
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.
CVSS 6.5
CVE-2018-14071 WRITEUP CRITICAL
Geo Mashup <1.10.4 - Info Disclosure
The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.
CVSS 9.8
CVE-2018-14335 WRITEUP MEDIUM
H2 <1.4.197 - Info Disclosure
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
CVSS 6.5