The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload.
Tracking 200+ vulnerabilities from NVD, Tenable, and CNNVD. Exploit and PoC data updated continuously.
The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload.
An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL.
Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arrays from dotted form field names during FormData parsing. By submitting mixed array-index and object-property keys for the same path, an attacker could cause user-controlled properties to be written onto values that application code expected to be arrays. When processing application/x-www-form-urlen
The CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages
The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the 'cert' parameter of the 'wccd-delete-certificate' AJAX action. This is due to insufficient file path validation before performing a file deletion. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete a
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary working directory, leading to arbitrary file write with the privileges of the Stirling-PDF process user (sti
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always walk all pending catchall elements During transaction processing we might have more than one catchall element: 1 live catchall element and 1 pending element that is coming as part of the new batch. If the map holding the catchall elements is also going away, its required to toggle all catchall eleme
In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit teql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit through slave devices, but does not update skb->dev to the slave device beforehand. When a gretap tunnel is a TEQL slave, the transmit path reaches iptunnel_xmit() which saves dev
In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions (iptunnel_xmit, ip6tunnel_xmit) lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels route back through the bond, multicast/broadcast traffic triggers infinite recursion between bon
In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is stable for task work flags manipulation If DEFER_TASKRUN | SETUP_TASKRUN is used and task work is added while the ring is being resized, it's possible for the OR'ing of IORING_SQ_TASKRUN to happen in the small window of swapping into the new rings and the old rings being freed. Prevent this by add
In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revision 1 with XT_IDLETIMER_ALARM, the object uses alarm timer semantics and timer->timer is never initialized. Reusing that o
In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlan_common_newlink() error path valis reported that a race condition still happens after my prior patch. macvlan_common_newlink() might have made @dev visible before detecting an error, and its caller will directly call free_netdev(dev). We must respect an RCU period, either in macvl
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be walking over it already. To address this issue, add the element transaction even if set is full, but toggle the set_ful
In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure that __perf_event_overflow() runs with IRQs disabled for all possible callchains. Specifically the software events can end up running it with only preemption disabled. This opens up a race vs perf_event_exit_event() and friends that will go and free
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes (URL-encoded as %00) into the supi path parameter of the UDM's Nudm_SubscriberDataManagement API. This causes URL parsing failure in Go's net/url package with the error "invalid
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leaks internal error handling behavior and makes it difficult for clients to distinguish between client
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending a crafted POST request to the /sdm-subscriptions endpoint with a malformed URL path containing path t
exactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescaped {!! json_encode(...) !!} without safe encoding flags allows string values to break out of the JavaSc
CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckan_package_search and sparql_query that accept a base_url parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network services. There is no URL validation on base_url parameter.
Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yielding standard Unrestricted Remote Code Execution. Any individual capable of routing HTTP logic to this server block wil
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in theJsonBeanPropertyBinder::expandArrayToThreshold, which allows remote attackers to cause a DoS (non-terminating loop, CPU exhaustion, and O
ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpoints were vulnerable to time-based and boolean-based blind SQL injection due to insufficient parameter validation, allowing attackers to infer database information. This issue has been fixed in versions 15.100.0 and 16.8.0.
Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI)—and thus the same key material—as if no USS is provided. This happens because a buffer index error overwrites the USS-enable
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user (even the lowest-privileged) to fully compromise the backend server. The root cause is twofold: Excel Sheet names are concat
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the /api/v1/datasource/check endpoint by configuring a forged MySQL data source with a malicious parameter extraJdbc=
A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=update_interface_png. This manipulation causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in an
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcp_redirect' parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successf
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to call arbitrary WordPress functions such as 'update_option' to update the default role for regist
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with pjsua_config.nameserver or UaConfig.nameserver in PJSUA/PJSUA2. It does not affect users who rely on the OS resolver
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17.
Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM (Out-of-Memory) vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an attacker-controlled 4-byte length prefix to allocate memory, with ServerMaxMessageSize allowing single allocati
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist — it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both of which can render SVG with JavaScript execution. The unauthenticated /api/icon/getDynamicIcon endpoint serves user-controlled input (via the content param
DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase() without specifying an explicit Locale, causing its security checks to rely on the JVM's default runtime locale, while H2 JDBC always normalizes URLs using Locale.
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET /assets/*path, which only requires authentication, a publish-service visitor can cause the desktop kernel
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their identifiers. This information includes credit allocations and usage statistics which are not intended to be
Ruby JSON has a format string injection vulnerability
AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` Validation
Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable application. Successful exploitation requires the victim to visit a specially crafted website that sends req
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting
XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes. A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap
Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass.This issue affects GateManager: 11.4;0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Howard Website LLMs.Txt allows Reflected XSS.This issue affects Website LLMs.Txt: from n/a through 8.2.6.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms Pro allows Stored XSS.This issue affects Everest Forms Pro: from n/a through 1.9.10.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks allows Reflected XSS.This issue affects Gutenberg Blocks: from n/a through 1.2.8.
Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fraud Prevention For Woocommerce: from n/a through 2.3.3.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through 2.0.1.
Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor allows Upload a Web Shell to a Web Server.This issue affects Mobile App Editor: from n/a through 1.3.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes Kentha allows Reflected XSS.This issue affects Kentha: from n/a through 4.7.2.
Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection.This issue affects WishList Member X: from n/a through 3.29.0.
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table of Contents Creator allows Reflected XSS.This issue affects Table of Contents Creator: from n/a through 1.6.4.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4.
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPSight WPCasa allows DOM-Based XSS.This issue affects WPCasa: from n/a through 1.4.1.
Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection.This issue affects Finag: from n/a through 1.5.0.
Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through 1.7.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through 5.4.2.
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 3.9.4.
The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all versions up to and including 1.1.7. This is due to the handle_email_verification_page() function constructing a shortcode string from user-supplied GET parameters (token, email) and passing it to do_shortcode() without properly sanitizing square bracket characters, combined with mis
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard allows Password Recovery Exploitation.This issue affects Admin Safety Guard: from n/a through 1.2.6.
Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.2.8.3.
A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.
The Info Cards – Add Text and Media in Card Layouts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnUrl' parameter within the Info Cards block in all versions up to, and including, 2.0.7. This is due to insufficient input validation on URL schemes, specifically the lack of javascript: protocol filtering. The block's render.php passes all attributes as JSON to the fron
The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is due to missing nonce validation on the field deletion functionality in the admin display template. The plugin properly validates a nonce for the 'add field' operation (line 24-36), but the 'delete field' operation (lines 38-49) processes the $_GET['de
The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'display_name' post meta (Custom Field) in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is present. The plugin accesses `$draft_data->display_name` which, because `display_name` is not a native WP
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive information for any user on the site including email addresses, display names, and r
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ovatheme Tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a before 1.5.6.
Missing Authorization vulnerability in UiPress UiPress lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through 3.5.09.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS.This issue affects WP eMember: from n/a through v10.2.2.
Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Media WP Rocket allows Stored XSS.This issue affects WP Rocket: from n/a through 3.19.4.
Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Privilege Escalation.This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1.
Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Using Malicious Files.This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a through 3.13.9.
Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple Security Pro: from n/a through 9.5.4.0.
Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection.This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through 1.3.
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' (fingerprint) parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user.
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account.
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality.
OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in wrapper resolution for .cmd/.bat files that allows attackers to influence execution behavior through cwd manipulation. Remote attackers can exploit improper shell execution fallback mechanisms to achieve command execution integrity loss by controlling the current working director
OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent dispatch and downstream tool actions.
OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PATH resolution after approval to execute a different binary than the operator approved, enabling arbitrary command execution.
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers can inject shell metacharacters in command arguments to execute arbitrary commands when subprocess launch fails with EINVAL or ENOENT errors.
OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for arbitrary file writes or grep -R flag for recursive file reads, circumventing intended stdin-only restrict
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true, attackers can exploit cmd.exe command interpretation to execute malicious commands by controlling workflow
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation arguments can inject arbitrary commands by providing metacharacter-only values or CR/LF sequences that execut
OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass incomplete allowlist validation and execute arbitrary commands on the paired host.
OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at runtime.
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist checks and gain unauthorized group access.
OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exploit this by placing symlinks in the media/inbound directory to overwrite arbitrary files on the host system outside sandbox boundaries.
OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web_search citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host to loopback, private, or internal destinations.
OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text.
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executable intent. Remote attackers can approve benign wrapped system.run commands and subsequently execute different payloads without approval, enabling remot
OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth vulnerability in the Zalo webhook endpoint that allows unauthenticated attackers to trigger in-memory key accumulation by varying query strings. Remote attackers can exploit this by sending repeated requests with different query parameters to cause memory pressure, process instability, or out-of-memory conditions that degrade s
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation characters. Attackers can bypass security analysis by injecting $\\ followed by a newline and opening parenthesis inside double quotes, causing the shell to fold the line continuation i
OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing and cause integrity or availability issues.
OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that allows local attackers to write files outside the intended destination directory. Attackers can exploit a time-of-check-time-of-use race between path validation and file write operations by rebinding parent directory symlinks to redirect writes outside the extraction root.
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while executing non-allowlisted commands.
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers can inject arbitrary commands through environment variable values containing metacharacters like &, |, ^
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch() server-side, and returns the full response body. An unauthenticated attacker can use this to make HTTP requests from the server t
PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses paths from the log list file with no width specifier, allowing a path longer than 60 characters to overfl
[CNNVD CNNVD-202603-3438] wolfSSL(CyaSSL) 安全漏洞
[CNNVD CNNVD-202603-3472] OpenEMR 操作系统命令注入漏洞
[CNNVD CNNVD-202603-3383] Discourse 安全漏洞
[CNNVD CNNVD-202603-3407] OpenClaw 安全漏洞
[CNNVD CNNVD-202603-3423] OpenClaw 安全漏洞
[CNNVD CNNVD-202603-3434] Discourse 安全漏洞
[CNNVD CNNVD-202603-3470] wolfSSL 安全漏洞
[CNNVD CNNVD-202603-3457] ormar 安全漏洞
[CNNVD CNNVD-202603-3477] wolfSSL(CyaSSL) 安全漏洞
[CNNVD CNNVD-202603-3494] OPEXUS eComplaint和OPEXUS eCASE 安全漏洞
[CNNVD CNNVD-202603-3485] Sercomm SCE4255W 安全漏洞
[CNNVD CNNVD-202603-3508] Ubiquiti UniFi Network Application 安全漏洞
[CNNVD CNNVD-202603-3468] Microsoft Azure Data Factory 信息泄露漏洞
[CNNVD CNNVD-202603-3444] OpenEMR 安全漏洞
[CNNVD CNNVD-202603-3426] OpenWrt 安全漏洞
[CNNVD CNNVD-202603-3420] OpenClaw 操作系统命令注入漏洞
[CNNVD CNNVD-202603-3417] OpenClaw 安全漏洞
[CNNVD CNNVD-202603-3419] OpenClaw 安全漏洞
[CNNVD CNNVD-202603-3412] OpenClaw 安全漏洞
[CNNVD CNNVD-202603-3401] OpenClaw 路径遍历漏洞
[CNNVD CNNVD-202603-3392] OpenClaw 安全漏洞
[CNNVD CNNVD-202603-3393] OpenClaw 路径遍历漏洞
[CNNVD CNNVD-202603-3382] Spring Security 安全漏洞
[CNNVD CNNVD-202603-3509] ncurses 安全漏洞
[CNNVD CNNVD-202603-3387] Kubernetes ingress-nginx 安全漏洞
[CNNVD CNNVD-202603-3415] OpenClaw 代码问题漏洞
[CNNVD CNNVD-202603-3459] Discourse 安全漏洞
[CNNVD CNNVD-202603-3499] pgproto3 安全漏洞
[CNNVD CNNVD-202603-3593] OpenClaw 代码问题漏洞
[CNNVD CNNVD-202603-3592] OpenClaw 路径遍历漏洞
[CNNVD CNNVD-202603-3589] OpenClaw 安全漏洞
[CNNVD CNNVD-202603-3577] FreeScout 访问控制错误漏洞
[CNNVD CNNVD-202603-3575] OpenClaw 访问控制错误漏洞
[CNNVD CNNVD-202603-3571] OpenClaw 代码问题漏洞
[CNNVD CNNVD-202603-3570] OpenClaw 安全漏洞
[CNNVD CNNVD-202603-3568] FreeScout 安全漏洞
[CNNVD CNNVD-202603-3561] FreeScout 安全漏洞
[CNNVD CNNVD-202603-3540] OpenClaw 跨站脚本漏洞
[CNNVD CNNVD-202603-3515] BMC FootPrints 代码问题漏洞
[CNNVD CNNVD-202603-3510] BMC FootPrints 代码问题漏洞
[CNNVD CNNVD-202603-3506] WordPress plugin Photography 代码问题漏洞
[CNNVD CNNVD-202603-3504] OPEXUS eComplaint和OPEXUS eCASE 安全漏洞
[CNNVD CNNVD-202603-3501] LASS 跨站脚本漏洞
[CNNVD CNNVD-202603-3500] libarchive 安全漏洞
[CNNVD CNNVD-202603-3498] wgcloud 安全漏洞
[CNNVD CNNVD-202603-3497] OPEXUS eComplaint和OPEXUS eCASE 安全漏洞
[CNNVD CNNVD-202603-3496] OPEXUS eComplaint 安全漏洞
[CNNVD CNNVD-202603-3493] PyMuPDF 安全漏洞
[CNNVD CNNVD-202603-3492] wolfSSL 安全漏洞
[CNNVD CNNVD-202603-3490] wolfSSL 安全漏洞
[CNNVD CNNVD-202603-3489] Elastic Metricbeat 安全漏洞
[CNNVD CNNVD-202603-3487] Sercomm SCE4255W 安全漏洞
[CNNVD CNNVD-202603-3486] Sercomm SCE4255W 安全漏洞
[CNNVD CNNVD-202603-3484] Elastic Packetbeat 安全漏洞
[CNNVD CNNVD-202603-3483] Elastic Kibana 安全漏洞
[CNNVD CNNVD-202603-3480] wolfSSL 安全漏洞
[CNNVD CNNVD-202603-3478] OpenEMR 路径遍历漏洞
[CNNVD CNNVD-202603-3476] Microsoft .NET 安全漏洞
[CNNVD CNNVD-202603-3475] wolfSSL 安全漏洞
[CNNVD CNNVD-202603-3474] OpenEMR 安全漏洞
[CNNVD CNNVD-202603-3473] OpenEMR 安全漏洞
[CNNVD CNNVD-202603-3469] Microsoft Azure DevOps 安全漏洞
[CNNVD CNNVD-202603-3465] Microsoft M365 Copilot 命令注入漏洞
[CNNVD CNNVD-202603-3464] Microsoft Copilot 命令注入漏洞
[CNNVD CNNVD-202603-3463] Microsoft 365 Copilot Business Chat 代码问题漏洞
[CNNVD CNNVD-202603-3458] Discourse 跨站脚本漏洞
[CNNVD CNNVD-202603-3456] Discourse 跨站脚本漏洞
[CNNVD CNNVD-202603-3454] Smallstep step-ca 信任管理问题漏洞
[CNNVD CNNVD-202603-3453] qui 安全漏洞
[CNNVD CNNVD-202603-3451] SQLBot 安全漏洞
[CNNVD CNNVD-202603-3447] OpenEMR 安全漏洞
[CNNVD CNNVD-202603-3446] Discourse 信息泄露漏洞
[CNNVD CNNVD-202603-3445] OpenEMR 跨站脚本漏洞
[CNNVD CNNVD-202603-3443] OpenEMR 跨站脚本漏洞
[CNNVD CNNVD-202603-3442] OpenEMR 安全漏洞
[CNNVD CNNVD-202603-3441] OpenEMR 安全漏洞
[CNNVD CNNVD-202603-3440] OpenEMR 代码问题漏洞
[CNNVD CNNVD-202603-3439] wolfSSL 安全漏洞
[CNNVD CNNVD-202603-3433] wolfSSL 安全漏洞
[CNNVD CNNVD-202603-3430] Discourse 安全漏洞
[CNNVD CNNVD-202603-3428] Discourse 安全漏洞
[CNNVD CNNVD-202603-3424] OpenWrt 安全漏洞
[CNNVD CNNVD-202603-3422] OpenClaw 安全漏洞
[CNNVD CNNVD-202603-3421] OpenClaw 信息泄露漏洞
[CNNVD CNNVD-202603-3418] OpenClaw 安全漏洞
[CNNVD CNNVD-202603-3416] OpenClaw 路径遍历漏洞
[CNNVD CNNVD-202603-3414] OpenClaw 操作系统命令注入漏洞
[CNNVD CNNVD-202603-3408] OpenClaw 代码问题漏洞
[CNNVD CNNVD-202603-3406] OpenClaw 竞争条件问题漏洞
[CNNVD CNNVD-202603-3405] OpenClaw 代码问题漏洞
[CNNVD CNNVD-202603-3402] OpenClaw 安全漏洞
[CNNVD CNNVD-202603-3400] OpenClaw 安全漏洞
[CNNVD CNNVD-202603-3399] Discourse 访问控制错误漏洞
[CNNVD CNNVD-202603-3397] OpenClaw 安全漏洞
[CNNVD CNNVD-202603-3396] OpenClaw 路径遍历漏洞