13 matches found
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. There were security vulnerabilities in the versions of OpenClaw from 2026.2.14 to 2026.3.24. These vulnerabilities stemmed from inconsistent application of Discord button and component interactions in channels and...
CVE-2026-29048
HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...
CVE-2026-29048
HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...
EUVD-2026-10014
HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...
CVE-2026-29048
HumHub (Open Source Enterprise Social Network) vulnerability CVE-2026-29048 affects HumHub 1.18.0 in the Button component, where inconsistent output encoding allows cross-site scripting. The CVSS 4.0 vector yields a base score of 6.9 (Medium) with network attack vector, low attack complexity, and...
CVE-2026-29048 HumHub: XSS in Button component
HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...
CVE-2026-29048 HumHub: XSS in Button component
HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...
CVE-2026-29048 HumHub: XSS in Button component
HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...
CVE-2026-29048
HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...
HumHub 跨站脚本漏洞
HumHub is an open-source social networking software developed using the Yii PHP framework. Version HumHub 1.18.0 contains a cross-site scripting vulnerability. This vulnerability stems from inconsistent output encoding in the Button component, which may allow malicious scripts to be injected and...
PT-2026-23656
Name of the Vulnerable Software and Affected Versions HumHub version 1.18.0 Description HumHub is an Open Source Enterprise Social Network. A cross-site scripting issue exists in the Button component due to inconsistent output encoding. This allows for the injection and execution of malicious...
CVE-2025-23632
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rhizome Networks CG Button content-glass-button allows Reflected XSS.This issue affects CG Button: from n/a through = 1.0.5.6...
Directory Traversal
Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of file paths in the processingutils.asyncmovefilestocache function. An attacker can read arbitrary...