Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 163+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
Clear filters
High
Fix Command Injection in macOS keychain credential writing (CWE-78)
github.com · 2026-02-22

### Key Information Summary #### Vulnerability Description - **Type**: Command Injection Vulnerability - **Location**: macOS keychain credential writing functionality - **Files**: `src/agents/cli-cred…

Read more
High
Shell Injection (CWE-78) in macOS Keychain Credential Writing Fix
github.com · 2026-02-22
OpenClaw
Read more
Low
openclaw CVE-2026-27576 Prompt Injection and Resource Exhaustion Vulnerability
CVE-2026-27576 · github.com · 2026-02-22
openclaw <= 2026.2.17
Read more
High
Discord CVE-2026-27484: Untrusted sender identity in tool-driven moderation flows
GHSA-wh94-p5m6-mr7j · github.com · 2026-02-22
openclaw <=2026.2.17
Read more
Medium
Canvas fix: Default standalone servers to loopback bind to prevent network exposure
github.com · 2026-02-21
OpenClaw
Read more
High
Fix for Telnyx Webhook Signature Verification Bypass
github.com · 2026-02-21
openclaw/openclaw < 29b587e
Read more
High
Fix CSRF on loopback browser routes: block cross-origin mutations
github.com · 2026-02-21
openclaw
Read more
High
Fix for system.run allowlist/approval bypass via rawCommand/argv inconsistency
github.com · 2026-02-21
openclaw/openclaw
Read more
High
OpenClaw/Clawdbot CSRF via Loopback Mutation Endpoints (CVSS 7.1)
github.com · 2026-02-21
clawdbot <=2026.1.24-3 · openclaw <=2026.2.13
Read more
High
OpenClaw GHSA-6hf3-mhgc-cm65: Session Visibility Privilege Escalation & Telegram Webhook Config Flaw
GHSA-6hf3-mhgc-cm65 · github.com · 2026-02-21
openclaw <=2026.2.14
Read more
Medium
openclaw skills.status Secret Leakage Vulnerability (CVE-2026-26326)
GHSA-8mh7-phf8-xgfm · github.com · 2026-02-21
openclaw <= 2026.2.13
Read more
High
OpenClaw macOS Deep Link Truncation Vulnerability (CVE-2026-26320) and Patch
CVE-2026-26320 · github.com · 2026-02-21
OpenClaw macOS desktop client versions >= 2026.2.6 and <= 2026.2.13
Read more
High
OpenClaw Gateway Path Traversal Vulnerability (CVE-2026-26329) Advisory
CVE-2026-26329 · github.com · 2026-02-21
openclaw <2026.2.14
Read more
Medium
openclaw maintainer script command injection (CVE-2026-26323)
CVE-2026-26323 · github.com · 2026-02-21
openclaw >=2026.1.8 <2026.2.14
Read more
High
OpenClaw Unrestricted gatewayUrl Override Vulnerability (GHSA-g6q9-8fvw-f7rf)
GHSA-g6q9-8fvw-f7rf · github.com · 2026-02-21
openclaw <=2026.2.13
Read more
Medium
CVE-2026-26328: iMessage Group Allowlist Authorization Bypass in clawdbot/openclaw
CVE-2026-26328 · github.com · 2026-02-21
clawdbot <=2026.1.24-3 · openclaw <=2026.2.13
Read more
Critical
OpenClaw CVE-2026-27002: Docker Container Escape via Config Injection
CVE-2026-27002 · github.com · 2026-02-21
openclaw <= 2026.2.14
Read more
High
CVE-2026-26316: openclaw BlueBubbles Plugin Authentication Bypass via Loopback Trust
CVE-2026-26316 · github.com · 2026-02-21
@openclaw/bluebubbles < 2026.2.13 · openclaw < 2026.2.13
Read more
High
OpenClaw Telegram Webhook Missing Secret Token Verification (CVE-2026-25474)
CVE-2026-25474 · github.com · 2026-02-21
OpenClaw <=2026.1.30
Read more
High
CVE-2026-26327: Unauthenticated TXT Records Bypass TLS Pinning on iOS/macOS/Android
CVE-2026-26327 · github.com · 2026-02-21
openclaw <= 2026.2.13
Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.