20 matches found
CVE-2026-26325 OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, a mismatch between rawCommand and command in the node host system.run handler could cause allowlist/approval evaluation to be performed on one command while executing a different argv. This only impacts deployments that use the node...
vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-26325 via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-26325 Source advisory: OSV:GHSA-H3F9-MJWJ-W476...
CVE-2022-26325
Reflected Cross Site Scripting XSS vulnerability in NetIQ Access Manager prior to 5.0.2...
CVE-2025-26325
creationtimestamp | type | source
---|---|---
2025-02-28 01:08:13+00:00 | seen | https://t.me/cvedetector/19098
2025-02-28 01:53:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lj7cctuxwh27
2025-02-28 19:49:12+00:00 | seen | ...
CVE-2025-26325
ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php...
CVE-2025-26325
ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php...
CVE-2025-26325
ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php...
ownCloud < 10.14.0 Multiple Improper Input Validation Vulnerabilities
ownCloud is prone to multiple improper input validation vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress ReviewX Plugin <= 1.6.12 is vulnerable to SQL Injection
Software: ReviewX; Type: Plugin; Vulnerable versions: <= 1.6.12; Fixed in: 1.6.13; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-26325; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 2483e29b3913; Credits: Joshua Martinelle; Required privilege: Subscriber...
CVE-2023-26325
creationtimestamp | type | source
---|---|---
2023-02-23 22:18:40+00:00 | seen | https://t.me/cibsecurity/58817
2025-03-12 14:40:45+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7309
...
CVE-2023-26325
The 'rxexportreview' action in the ReviewX WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters...
CVE-2023-26325
The 'rxexportreview' action in the ReviewX WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters...
CVE-2023-26325
The CVE-2023-26325 issue affects the ReviewX WordPress Plugin. Concrete details: vulnerable action rx_export_review and an authenticated SQL injection in the filterValue and selectedColumns parameters. Affected software: ReviewX WordPress Plugin versions prior to 1.6.4 (per Patchstack and PT Secu...
CVE-2022-26325
Reflected Cross Site Scripting XSS vulnerability in NetIQ Access Manager prior to 5.0.2...
CVE-2022-26325 Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2
Reflected Cross Site Scripting XSS vulnerability in NetIQ Access Manager prior to 5.0.2...
CVE-2022-26325
NetIQ Access Manager is affected by a reflected XSS in versions prior to 5.0.2. The vulnerability stems from insufficient input validation/output filtering of user-supplied data, enabling execution of JavaScript in the user’s browser. Impact is client-side script execution for targeted users; no ...
CVE-2021-26325
CVE-2021-26325 describes insufficient input validation in the SNP_GUEST_REQUEST command, which may lead to a data abort error and a denial of service. The vulnerability is localized (attack vector: LOCAL) with low attack complexity per NVD CVSS v2/v3 data, and it can impact availability (HIGH in ...
Magento Cross-Site Request Forgery Vulnerability (CNVD-2019-26325)
Magento is an open source PHP e-commerce system from the United States company Magento. The system provides rights management, search engines, payment gateways and other functions. A cross-site request forgery vulnerability exists in Magento versions 2.1.18 before 2.1, 2.2.9 before 2.2.2 and...
CVE-2020-26325
CVE-2020-26325 is rejected; not used; this candidate does not represent an active vulnerability entry.
CVE-2020-26325
...