CVE-2026-35650

creationtimestamp| type| source ---|---|--- 2026-04-10 19:30:36+00:00| published-proof-of-concept| Telegram/-hUuw8aTFVWSQYPf3qEKqcT3Zmmt4K4bisrN5sFAqL07rbc 2026-04-11 08:59:58+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mj7hwnfhkt2e...

CVE-2026-35650

OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed override keys that slip through inconsistent validation ...

CVE-2026-35650 OpenClaw < 2026.3.22 - Environment Variable Override Bypass via Inconsistent Sanitization

OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed override keys that slip through inconsistent validation ...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-35650 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-35650 Source advisory: OSV:GHSA-39PP-XP36-Q6MG...

Linux Distros Unpatched Vulnerability : CVE-2022-35650

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary...

MAL-2025-35650 Malicious code in test-mlw2-larva-curst (npm)

The package test-mlw2-larva-curst was found to contain malicious code...

CVE-2024-35650

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Melapress MelaPress Login Security melapress-login-security.This issue affects MelaPress Login Security: from n/a through = 1.3.0...

CVE-2024-35650 WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Melapress MelaPress Login Security melapress-login-security.This issue affects MelaPress Login Security: from n/a through = 1.3.0...

CVE-2024-35650

The CVE CVE-2024-35650 concerns the MelaPress Login Security WordPress plugin. It is described as an authenticated (Admin+) PHP Remote File Inclusion vulnerability caused by improper control of the filename used in include/require statements. Affected software: Melapress Login Security versions u...

WordPress MelaPress Login Security Plugin <= 1.3.0 is vulnerable to Local File Inclusion

Software MelaPress Login Security Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-35650 Patch priority Low CVSS severity Low 4.9 Developer Melapress PSID 4d21f4313833 Credits YCInfosec Required privilege...

Moodle 4.0.x < 4.0.2 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.15, 3.11.x prior to 3.11.8 or 4.0.x prior to 4.0.2. It is, therefore, affected by multiple vulnerabilities: - A code injection through an omitted execution parameter elading to Remote Code Execution RCE for sites running...

Moodle Directory Traversal (CVE-2022-35650)

A Directory Traversal vulnerability exists in Moodle. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...

Fedora: Security Advisory for moodle (FEDORA-2022-7e7ce7df2e)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2022-35650

creationtimestamp| type| source ---|---|--- 2022-07-25 20:33:11+00:00| seen| https://t.me/cibsecurity/46935 2022-07-31 21:25:48+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/6409 2022-08-03 11:03:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/652...

CVE-2022-35650

The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature...

CVE-2022-35650

The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature...

CVE-2021-35650

CVE-2021-35650 affects Oracle Secure Global Desktop (Oracle Virtualization), component: Client, version 5.6. The vulnerability is exploitable by a low-privileged user with network access via multiple protocols; exploitation requires user interaction and can grant unauthorized read access to a dat...

CVE-2020-35650

creationtimestamp| type| source ---|---|--- 2020-12-23 19:25:31+00:00| seen| https://t.me/cibsecurity/21232...

CVE-2020-35650

CVE-2020-35650 affects Uncanny Groups for LearnDash prior to v3.7, with multiple XSS vectors enabled by authenticated users. The vulnerability exists in various input points (POST parameters like ulgm_code_redeem, ulgm_user_first/last/email, ulgm_code_registration, ulgm_terms_conditions, _ulgm_to...