1622 matches found
NocoBase - VM Sandbox Escape to Remote Code Execution
NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...
CVE-2026-62229
OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized...
CVE-2026-62229
OpenClaw prior to 2026.5.18 contains an authorization bypass in exec allowlist glob matching. This allows lower-trust callers to execute actions beyond intended authorization by crafting input paths that traverse the allowlist glob patterns when the affected feature is enabled. According to the C...
CVE-2026-62229 OpenClaw < 2026.5.18 Authorization Bypass via Glob Matching
OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized...
EUVD-2026-45117
OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized...
CVE-2026-46341
CVE-2026-46341 affects Apify MCP Server prior to v0.9.21, where fetch-apify-docs.ts validates allowed domains with a startsWith() check instead of proper hostname comparison, enabling attacker-controlled subdomains (e.g., https://docs.apify.com.evil.com/ or https://[email protected]/) to pa...
CVE-2026-46341 Apify MCP server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching
The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool in src/tools/common/fetchapifydocs.ts validates allowlisted documentation domains with...
CVE-2026-55652 Wekan: Header-login IP allowlist bypass via X-Forwarded-For spoofing in Wekan allows unauthenticated full account takeover (incl. admin)
Wekan is open source kanban built with Meteor. Prior to 9.46, header-login with HEADERLOGINTRUSTEDIPS uses getRequestIp in server/lib/headerLoginAuth.js to trust the client-supplied X-Forwarded-For header before the real socket address, allowing an unauthenticated attacker to send HEADERLOGINID f...
CVE-2026-46635
Twig is a template language for PHP. Prior to 3.26.0, the column filter passes object arrays to PHP arraycolumn, which reads public and magic properties without reaching CoreExtension::getAttribute or SandboxExtension::checkPropertyAllowed, allowing an untrusted template author with column in...
CVE-2026-48808 Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`
Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed, so SourcePolicyInterface decisions are lost and a template author can read public or magic...
CVE-2026-45066
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts or allowMediaHosts because UrlSanitizer::parse follows RFC 3986...
CVE-2026-44767 Allowlist Bypass in setThemeRoot() Enables Cross-Origin CSS Injection
setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...
CVE-2026-44767
The CVE-2026-44767 issue arises from setThemeRoot() not enforcing the sap-allowed-theme-origins allowlist, allowing an attacker-controlled absolute cross-origin URL to be stored and used in a element even without a sap-allowed-theme-origins meta tag. The same bypass is reachable via the ?sap-the...
CVE-2026-44767
setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...
EUVD-2026-42899
PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files,...
CVE-2026-61434
CVE-2026-61434 involves PraisonAI prior to version 4.6.78, where an allowlist bypass in shell command execution enables attackers to abuse find’s built-in -exec, -execdir, and -delete actions. By crafting find commands that use these actions, an attacker can read blocked files, delete files, or r...
CVE-2026-61434 PraisonAI before 4.6.78 Allowlist Bypass via find -exec
PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files,...
CVE-2026-9838
The CVE-2026-9838 entry concerns the ICS Calendar plugin for WordPress. It describes a Reflected Cross-Site Scripting (XSS) vulnerability via the htmltagtitle parameter in all versions up to and including 12.0.9. The root cause is insufficient input sanitization and output escaping, with exploita...
CVE-2026-15319
A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...
CVE-2026-15319
The CVE-2026-15319 entry concerns Sipeed PicoClaw up to version 0.2.9, where the IPAllowlist function in web/backend/middleware/access_control.go within the Launcher component can be manipulated, leading to improper access controls. This vulnerability is exploitable remotely, and public disclosur...