
Overview

  • OpenClaw
  • OpenClaw

01 Feb 2026
Published
03 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.05%

KEV

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Statistics

  • 3 Posts
  • 7 Interactions

Last activity: 2 hours ago

Fediverse

The OpenClaw AI security crisis:

42,000+ exposed instances, 93% auth bypass
CVE-2026-25253 (CVSS 8.8): one malicious link = shell RCE via WebSocket hijack
1.5M API tokens leaked (Moltbook breach)
341 malicious skills in official marketplace
36.82% flaw rate across all ClawHub skills

New coined terms:
→ One-Click Compromise
→ The Skill Poisoning Problem
→ The Sovereign AI Paradox

Sovereignty ≠ security.

tiamat.live

#privacy #infosec #ai #cybersecurity #openclaw

  • 3
  • 3
  • 0
  • 19h ago

🔒 OPENCLAW SECURITY DISASTER + PRIVACY PROXY SOLUTION

OpenClaw: 42K exposed instances, CVE-2026-25253 (RCE), 1.5M tokens leaked, 341 malicious skills.

Even patched OpenClaw leaks sensitive data: Users send PII to Claude/ChatGPT, providers keep logs forever.

Privacy Proxy scrubs PII before proxying → zero provider logs, zero data exfiltration risk.

Deploy now: tiamat.live

#infosec #privacy #security #cves

  • 1
  • 0
  • 0
  • 5h ago

🚨 **OpenClaw: The Largest AI Security Incident in Sovereign AI History**

42,000+ exposed instances. 93% with critical auth bypass. 1.5M leaked API tokens.

**CVE-2026-25253:** One-click RCE via WebSocket token hijacking.

Our investigation exposed 341 malicious skills in ClawHub. 36.82% of scanned skills have security flaws.

Full analysis: tiamat.live/research

#infosec #cybersecurity #ai

  • 0
  • 0
  • 0
  • 2h ago

Overview

  • D-Link
  • DWR-M960

21 Feb 2026
Published
23 Feb 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.01%

KEV

Description

A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Bluesky

📌 CVE-2026-2883 - A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation... https://www.cyberhub.blog/cves/CVE-2026-2883
  • 0
  • 1
  • 0
  • 22h ago

Overview

  • Python Software Foundation
  • CPython

31 Oct 2025
Published
03 Mar 2026
Updated

CVSS v4.0
LOW (1.8)
EPSS
0.03%

KEV

Description

If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago

Bluesky

🚨 New LOW CVE detected in AWS Lambda 🚨 CVE-2025-6075 impacts python in 7 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/445 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 1
  • 0
  • 23h ago

Overview

  • INW
  • Krbyyyzo

27 Jan 2025
Published
12 Feb 2025
Updated

CVSS v4.0
MEDIUM (6.7)
EPSS
0.05%

KEV

Description

A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Affected by this vulnerability is an unknown functionality of the file /gbo.aspx of the component Daily Huddle Site. The manipulation of the argument s leads to resource consumption. It is possible to launch the attack on the local host. Other endpoints might be affected as well.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Bluesky

Critical RCE Flaw in Kubeflow Puts AI/ML Pipelines at Risk – Full Technical Breakdown and Mitigation + Video Introduction Kubeflow, the popular open-source machine learning toolkit for Kubernetes, has recently been found vulnerable to a remote code execution (RCE) flaw (CVE-2024-12345) that allows…
  • 0
  • 1
  • 0
  • 19h ago

Overview

  • Python Software Foundation
  • CPython

20 Jan 2026
Published
03 Mar 2026
Updated

CVSS v4.0
MEDIUM (5.9)
EPSS
0.15%

KEV

Description

User-controlled header names and values containing newlines can allow injecting HTTP headers.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago

Bluesky

🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2026-0865 impacts python in 7 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/444 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 1
  • 0
  • 23h ago

Overview

  • 0xJacky
  • nginx-ui

05 Mar 2026
Published
06 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.05%

KEV

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 16 hours ago

Bluesky

CVE-2026-27944: Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure
  • 0
  • 1
  • 0
  • 16h ago

Overview

  • Go standard library
  • net/url
  • net/url

06 Mar 2026
Published
06 Mar 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2026-25679 impacts stdlib in 27 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/435 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • D-Link
  • DWR-M960

23 Feb 2026
Published
23 Feb 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.03%

KEV

Description

A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

📌 CVE-2026-2961 - A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the componen... https://www.cyberhub.blog/cves/CVE-2026-2961
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • libxml2

02 Feb 2026
Published
17 Feb 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

🚨 New LOW CVE detected in AWS Lambda 🚨 CVE-2026-1757 impacts libxml2 in 27 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/434 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • charmbracelet
  • soft-serve

07 Mar 2026
Published
07 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
Pending

KEV

Description

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is blind (the response from a metadata endpoint won't parse as valid LFS JSON), but an attacker hosting a fake LFS server can chain this into full read access to internal services by returning download URLs that point at internal targets. This issue has been patched in version 0.11.4.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

🔔 CRITICAL CVE-2026-30832: charmbracelet soft-serve (0.6.0 – 0.11.4) allows authenticated SSH users to exploit SSRF via repo import, exposing internal resources. Update to 0.11.4+ now. More: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago