CVE-2026-32988 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...

PT-2026-29235

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...

CVE-2026-33735

MyTube is affected by an authorization bypass in the /api/settings/import-database endpoint (and related POST routes) that lets low-privilege attackers upload and replace the application’s SQLite database, enabling full compromise. The issue precedes version 1.8.69, which contains the fix. Impact...

CVE-2026-30943

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...

CVE-2026-32262

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...

CVE-2026-2941

The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksysearchandreplaceitemdetails' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with...

CVE-2026-22727

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing them to access secure application information...

CVE-2026-33287

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

CVE-2026-33287

CVE-2026-33287 is not active by itself; connected advisory GHSA-6Q5M-63H6-5X4V documents a concrete vulnerability in LiquidJS. The issue lies in the replace_first filter: it delegates to String.prototype.replace() and charges memoryLimit only for the input, allowing exponential growth of the outp...

CVE-2026-33287 LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

EUVD-2026-16064

LiquidJS has Exponential Memory Amplification through its replacefirst Filter $& Pattern...

GHSA-6Q5M-63H6-5X4V LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

Summary The replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a backreference to the matched substring. The filter only charges memoryLimit for the input string length, not the amplified output. An attacker can achieve exponential memory amplificati...

Allocation of Resources Without Limits or Throttling

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the replacefirst function. An attacker can exhaust system memory and disru...

CVE-2026-23364 ksmbd: Compare MACs in constant time

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

SUSE CVE-2026-30943

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...

PT-2026-28163

Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.25.1 Description LiquidJS is susceptible to a denial of service condition due to insufficient memory limit enforcement within the replace first filter. The filter utilizes JavaScript's String.prototype.replace,...

CVE-2025-41660

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...

CODESYS Control runtime system 安全漏洞

CODESYS Control runtime system is a control system runtime software developed by the German company CODESYS. It enables the execution of control logic for industrial automation devices. There is a security vulnerability in CODESYS Control runtime system. This vulnerability arises from the...

WordPress Linksy Search and Replace plugin <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Update via linksy_search_and_replace_item_details vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Database Update via linksysearchandreplaceitemdetails vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Linksy Search and Replace versions = 1.0.4...

EUVD-2026-14009

The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksysearchandreplaceitemdetails' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with...