@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +11 more potentially affected by CVE-2026-35628 via openclaw (>=0.0.1 <=2026.3.24)

openclaw NPM version =0.0.1, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =3.3.2, =3.3.7 Source cves: CVE-2026-35628 Source advisory: OSV:GHSA-VCX4-4QXG-MFP4...

MAL-2025-35628 Malicious code in test-mlw2-knive-touns (npm)

The package test-mlw2-knive-touns was found to contain malicious code...

CVE-2024-35628

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25...

CVE-2024-35628 WordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25...

CVE-2024-35628

CVE-2024-35628 affects the WordPress plugin Photo Gallery by 10Web (versions up to 1.8.25). The issue is a Missing Authorization/Broken Access Control vulnerability that could allow unauthorized actions. Patch 1.8.26 fixes the flaw. Exploit details are not provided in the supplied documents; no a...

CVE-2024-35628 WordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25...

WordPress Photo Gallery by 10Web Plugin <= 1.8.25 is vulnerable to Broken Access Control

Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.25 Fixed in 1.8.26 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35628 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 904616965144 Credits Dhabaleshwar Das...

Microsoft patches 34 vulnerabilities, including one zero-day

December’s Patch Tuesday is a relatively quiet one on the Microsoft front. Redmond has patched 34 vulnerabilities with only four rated as critical. One vulnerability, a previously disclosed unpatched vulnerability in AMD central processing units CPUs, was shifted by AMD to software developers. Th...

CVE-2023-35628

creationtimestamp| type| source ---|---|--- 2023-12-13 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1182 2023-12-13 11:20:55+00:00| seen| https://t.me/truesecator/5194 2023-12-14 09:46:00+00:00| seen| https://t.me/cybersecs/2708 2025-02-28 23:49:13+00:00| seen|...

Microsoft Internet Explorer Memory Corruption Vulnerability (KB5033376)

This host is missing an important security update according to Microsoft KB5033376 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft releases lightest Patch Tuesday in three years, no zero-days disclosed

Microsofts monthly security update released Tuesday is the companys lightest in four years, including only 33 vulnerabilities. Perhaps more notable is that there are no zero-day vulnerabilities included in Decembers Patch Tuesday, a rarity for Microsoft this year. The companys regular set of...

CVE-2023-35628

Windows MSHTML Platform Remote Code Execution Vulnerability...

CVE-2023-35628 Windows MSHTML Platform Remote Code Execution Vulnerability

...

CVE-2023-35628

CVE-2023-35628 is a Windows MSHTML platform remote code execution vulnerability. The MSHTML rendering engine used by Windows and Outlook can be exploited by processing specially crafted email content, potentially allowing code execution on a target machine without user interaction. The CVE is rat...

CVE-2023-35628 Windows MSHTML Platform Remote Code Execution Vulnerability

...

Rocky Linux 8 : mysql:8.0 (RLSA-2022:7119)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7119 advisory. mysql: Server: DML multiple unspecified vulnerabilities CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413...

RHEL 8 : mysql:8.0 (RHSA-2022:7119)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7119 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...

CentOS 8 : mysql:8.0 (CESA-2022:7119)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7119 advisory. - mysql: Server: DML unspecified vulnerability CPU Oct 2021 CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607 - mysql: Server: Optimizer...

AlmaLinux 8 : mysql:8.0 (ALSA-2022:7119)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7119 advisory. mysql: Server: DML multiple unspecified vulnerabilities CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413 mysql...

CVE-2022-35628

A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3...