Fallos del tipo CWE-184
134 resultadosCVE-2026-42427MEDIUMOpenClaw < 2026.4.8 - Remote Code Execution via Build Tool Environment Variable InjectionEPSS 0.2%CVE-2026-41206MEDIUMPySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_codeEPSS 0.2%CVE-2026-53848LOWOpenClaw < 2026.5.26 - Exec Allowlist Bypass via Transparent Command WrappersEPSS 0.2%CVE-2026-54070HIGHSiYuan: Stored XSS in Bazaar marketplace via package README event handlersEPSS 0.2%CVE-2026-43991HIGHJunoClaw: plugin-shell shell-injection bypass via substring blocklistEPSS 0.2%CVE-2026-33139HIGHPySpector: Plugin Sandbox Bypass leads to Arbitrary Code ExecutionEPSS 0.2%CVE-2025-69277MEDIUMlibsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_poinEPSS 0.2%CVE-2026-57234LOWNokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247EPSS 0.2%CVE-2026-45037HIGHTabby: Unsafe protocol handler execution via terminal linkifier allows arbitrary OS protocol invocationEPSS 0.1%CVE-2026-44114HIGHOpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenvEPSS 0.1%CVE-2026-41391MEDIUMOpenClaw < 2026.3.31 - Environment Variable Bypass in Package Index URL HandlingEPSS 0.1%CVE-2026-41392MEDIUMOpenClaw < 2026.3.31 - Exec Allowlist Bypass via Shell Init-File OptionsEPSS 0.1%CVE-2026-41915MEDIUMOpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec EnvironmentEPSS 0.1%CVE-2026-41332MEDIUMOpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable BlocklistEPSS 0.1%