GHSA-J8CV-X86Q-RJ85

OpenClaw: Focus command could miss controlScope enforcement

OpenClaw: memory-wiki shared search could miss session visibility checks

AgenticMail: Cross-agent task authorization bypass in AgenticMail API

Kirby: `pages.access` permission is not checked in the `site/find` REST API route

Kirby: Access to files of top-level drafts is not protected by permissions

Kirby: `pages.access` permission is not checked in the pages picker for parent pages