OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure

Summary When browser control started without explicit auth credentials, OpenClaw attempted to bootstrap auth automatically. In affected versions, if that bootstrap step threw an error, startup could continue and expose browser-control routes without authentication. Impact On affected deployments,...

CVE-2022-50950

Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system...

CVE-2019-2668

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: Print Server. Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2021-2279

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful...

EUVD-2017-12473

Malware in sbrugna...

EUVD-2017-12700

Malware in sbrugna...

EUVD-2018-19523

Malware in sbrugna...

EUVD-2019-0968

Malware in sbrugna...

EUVD-2025-17069

Malicious code in bioql PyPI...

EUVD-2022-36189

Malicious code in bioql PyPI...

EUVD-2024-38105

Malicious code in bioql PyPI...

EUVD-2023-23383

Malicious code in bioql PyPI...

CVE-2024-57152

Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sensitive components without authentication via the cn.luischen.interceptor.BaseInterceptor class...

CVE-2025-48757

An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. NOTE: this is disputed by the Supplier because each individual customer of the Lovable platform accepts a...

CVE-2022-29855

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 5.1.0.8016 and earlier, and 6.0 6.0.0.368 through 6.1 HF4 6.1.0.165, could allow a unauthenticated...

CVE-2021-31589

A cross-site scripting XSS vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization...

CVE-2020-14532

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Application Framework. Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2025-4762 Insecure Direct Object Reference (IDOR) vulnerability in eSignaViewer

Insecure Direct Object Reference IDOR vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers...

WordPress Contact Form Widget plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Contact Form Widget versions = 1.4.6...

CVE-2025-40621 Multiple vulnerabilities in TCMAN's GIM

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’...