Security Vulnerabilities
OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files to execute untrusted code or load malicious credentials.
CVSS Score
5.8
EPSS Score
0.0
Published
2026-04-23
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.3
EPSS Score
0.0
Published
2026-04-23
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.
CVSS Score
10.0
EPSS Score
0.004
Published
2026-04-23
Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
9.3
EPSS Score
0.0
Published
2026-04-23
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.
CVSS Score
8.0
EPSS Score
0.0
Published
2026-04-23
A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values.
CVSS Score
3.7
EPSS Score
0.0
Published
2026-04-23
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can send a crafted pickle payload to the exposed ZMQ socket to execute arbitrary code on the server with the privileges of the ktransformers process.
CVSS Score
9.3
EPSS Score
0.0
Published
2026-04-23
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
8.6
EPSS Score
0.001
Published
2026-04-23
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.6
EPSS Score
0.001
Published
2026-04-23
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files outside the project storage boundary to cause recursive deletion of attacker-chosen directories with permissions of the radare2 process, resulting in integrity and availability loss.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-04-23