Flaws of type CWE-636
34 results

CVE-2026-27448 | LOW | pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback | EPSS 0.2%
CVE-2021-3614 | MEDIUM | A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under c | EPSS 0.2%
CVE-2026-41377 | MEDIUM | OpenClaw < 2026.3.31 - Fail-Open Security Scan Bypass in Plugin Installation | EPSS 0.2%
CVE-2026-45781 | LOW | MCP Registry: OCI ownership validation fails open on upstream rate limits, allowing attacker-controlled package claims | EPSS 0.2%
CVE-2026-53852 | LOW | OpenClaw < 2026.4.25 - Scope Bypass via Empty-Scope Device Re-pairing | EPSS 0.2%
CVE-2025-54870 | HIGH | VTun-ng's failure to initialize encryption modules may cause reversion to plaintext | EPSS 0.2%
CVE-2026-53837 | MEDIUM | OpenClaw < 2026.5.6 - Missing Channel Type Validation in Mattermost Event Handlers | EPSS 0.2%
CVE-2026-35205 | HIGH | Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install | EPSS 0.2%
CVE-2023-4030 | HIGH | A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to | EPSS 0.2%
CVE-2026-35042 | HIGH | fast-jwt accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) | EPSS 0.2%
CVE-2026-49317 | LOW | Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot | EPSS 0.1%
CVE-2026-49318 | LOW | Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot | EPSS 0.1%
CVE-2026-32970 | LOW | OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs | EPSS 0.1%
CVE-2026-55568 | MEDIUM | Guzzle: Silent HTTPS-Proxy Downgrade to Cleartext | EPSS —