CVE-2026-35631 OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands

OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates...

MAL-2025-35631 Malicious code in test-mlw2-kokra-lunes (npm)

The package test-mlw2-kokra-lunes was found to contain malicious code...

CVE-2024-35631

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.45.7212...

CVE-2024-35631 WordPress FV Flowplayer Video Player plugin <= 7.5.45.7212 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.45.7212...

CVE-2024-35631 WordPress FV Flowplayer Video Player plugin <= 7.5.45.7212 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.45.7212...

CVE-2024-35631

FV Flowplayer Video Player (WordPress plugin) is affected by CVE-2024-35631: a Reflected Cross-Site Scripting vulnerability in versions up to 7.5.45.7212. The issue arises from improper neutralization of input during web page generation, enabling an attacker to inject scripts that run in a user’s...

WordPress FV Flowplayer Video Player Plugin <= 7.5.45.7212 is vulnerable to Cross Site Scripting (XSS)

Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.45.7212 Fixed in 7.5.46.7212 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35631 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 55cedf8dbca9 Credits Dimas...

CVE-2023-35631

Win32k Elevation of Privilege Vulnerability...

CVE-2023-35631

Win32k Elevation of Privilege Vulnerability...

CVE-2023-35631 Win32k Elevation of Privilege Vulnerability

...

CVE-2023-35631

CVE-2023-35631 is a Win32k Elevation of Privilege vulnerability disclosed for Windows. According to the sources, it can be exploited locally with low privileges and no user interaction to achieve high impact on confidentiality, integrity, and availability (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; CVS...

SUSE CVE-2021-35631

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

RHEL 8 : mysql:8.0 (RHSA-2022:7119)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7119 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...

CentOS 8 : mysql:8.0 (CESA-2022:7119)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7119 advisory. - mysql: Server: DML unspecified vulnerability CPU Oct 2021 CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607 - mysql: Server: Optimizer...

CVE-2022-35631

creationtimestamp| type| source ---|---|--- 2022-07-29 20:13:49+00:00| seen| https://t.me/cibsecurity/47273...

CVE-2022-35631

Velociraptor (MacOS/Linux) CVE-2022-35631: a symlink attack could occur by replacing a predictable file name with a symlink to another file, allowing the Velociraptor client to overwrite that file. Root cause: predictable filename used during client-server interactions. Impact is local and authen...

CVE-2020-35631

creationtimestamp| type| source ---|---|--- 2022-04-18 20:29:31+00:00| seen| https://t.me/cibsecurity/41034...

CVE-2020-35631

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...

CVE-2020-35631

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...

CVE-2020-35631

CVE-2020-35631 describes multiple code-execution vulnerabilities in CGAL 5.1.1’s Nef polygon-parsing. The issues are caused by out-of-bounds reads and type confusion in the SNC_io_parser and related Nef/PM/SM parser code paths (e.g., read_sface, read_vertex, read_hedge, read_face, read_sloop, etc...