615 matches found
CVE-2025-69103
Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...
CVE-2026-39433 WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability
Subscriber Arbitrary Content Deletion in WPAMS 49.5.3 versions...
CVE-2026-39433
The CVE-2026-39433 entry concerns the WordPress WPAMS plugin (Apartment Management) with versions
PT-2026-50080
Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...
CVE-2026-0238
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...
ERPNext 跨站脚本漏洞
ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Version 16.16.0 of ERPNext contains a cross-site scripting vulnerability. This vulnerability arises from users with project record editing privileges being able to persist arbitrary...
Mattermost Plugins 安全漏洞
Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions of Mattermost Plugins 1.1.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed...
WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Theme Brikk versions = 3.0.0...
CVE-2026-42506
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
CVE-2026-0238
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...
CVE-2026-0238
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...
CVE-2026-0238 Broker VM: Improper Input Validation in Broker VM Certificate and Key Fields
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...
GHSA-45C6-75P6-83CC fast-xml-builder Comment Value regex can be bypassed
Summary The fix for https://github.com/advisories/GHSA-gh4j-gqv2-49f6 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and inject...
PraisonAI 路径遍历漏洞
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.37 contained a path traversal vulnerability. This vulnerability stemmed from the safeextractall helper function not verifying the linkname of members and not rejecting...
AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Authenticated Users' Profile Photos with Arbitrary Content
Summary objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST parameter and writes the decoded bytes to videos/userPhoto/photo.png. Its only access control is User::isLogged. It does not end in .json.php, so it is excluded from the project's global autoCSRFGuard...
CVE-2026-43526
OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...
CVE-2026-43526
OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...
EUVD-2026-27263
OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...
CVE-2026-43526 OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling
OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...
PT-2026-37012
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.12 Description An issue exists in the QQBot reply media URL handling that allows server-side request forgery SSRF, a flaw where a server is tricked into making requests to an unintended location. Attackers can...