@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +12 more potentially affected by CVE-2026-41350 via openclaw (>=2026.3.22 <=2026.3.28)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-41350 Source advisory: SNYK:JS-OPENCLAW-15928886...

CVE-2024-41350

bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting XSS via Public/statics/umeditor123/php/imageUp.php...

CVE-2025-41350

Stored Cross-site Scripting XSSvylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter in...

CVE-2025-41350

creationtimestamp| type| source ---|---|--- 2025-11-18 13:41:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5vuiyoe3p2w...

CVE-2022-41350

In Zimbra Collaboration Suite ZCS 8.8.15, /h/search?action=voicemail=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine...

CVE-2024-41350

creationtimestamp| type| source ---|---|--- 2024-08-29 22:55:31+00:00| seen| https://t.me/cvedetector/4472...

CVE-2023-41350

The CVE-2023-41350 entry concerns the Chunghwa Telecom NOKIA G-040W-Q router. The available documents describe an authentication-flaw: insufficient measures to prevent multiple failed authentication attempts, allowing an unauthenticated attacker to craft JavaScript that exposes the captcha, there...

CVE-2022-41350

In Zimbra Collaboration Suite ZCS 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine...

CVE-2022-41350

CVE-2022-41350 affects Zimbra Collaboration Suite (ZCS) 8.8.15. The vulnerability is a Reflected XSS in the /h/search?action=voicemail&action=listen endpoint where the phone parameter is not properly sanitized, allowing execution of arbitrary JavaScript on the victim’s machine. Public documents c...

Security News: Microsoft Patch Tuesday October 2021, Autodiscover, MysterySnail, Exchange, DNS, Apache, HAProxy, VMware vCenter, Moodle

Hello everyone! This episode will be about relatively recent critical vulnerabilities. Lets start with Microsoft Patch Tuesday for October 2021. Specifically, with the vulnerability that I expected there, but it didnt get there. Autodiscover leak discovered by Guardicore Labs "Autodiscover, a...

CVE-2021-41350 Microsoft Exchange Server Spoofing Vulnerability

...

CVE-2021-41350

Technical details about CVE-2021-41350 are not provided in the supplied documents. Public sources only identify it as a spoofing vulnerability in Microsoft Exchange Server; no affected versions, root cause, or fixes are disclosed here. Monitor for updates.

CVE-2021-41350 Microsoft Exchange Server Spoofing Vulnerability

...

KLA12314 Multiple vulnerabilities in Microsoft Server Software

Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...

BrightStor ARCserve Backup LGServer directory traversal

Added: 02/15/2008 CVE: CVE-2007-5005 BID: 24348 OSVDB: 41350 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A directory traversal vulnerability in rxRPC.dll in the...