Lucene search
K

927 matches found

Nuclei
Nuclei
added yesterday99 views

WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting

WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user ...

6.1CVSS6.4AI score0.10358EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday49 views

Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting

The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. id: CVE-2017-18500 info: name: Social Buttons Pack by BestWebSof 1.1.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-buttons-pack plugin before 1.1.1 for WordPress has...

6.1CVSS6.4AI score0.0141EPSS
Exploits1References4
OSV
OSV
added 2026/07/02 4:5 p.m.4 views

GHSA-MGQ6-VR84-7M2J OpenClaw: QQBot native approval buttons did not enforce configured approver identity

Summary OpenClaw's QQBot channel can deliver native approval buttons for exec and plugin approvals. In affected releases, the button callback path resolved approvals without enforcing the configured QQBot approver identity. The text command approval path used the authorization check; the issue wa...

8CVSS5.8AI score0.00199EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 3:32 p.m.6 views

EUVD-2025-210351

Contributor Broken Access Control in Forget About Shortcode Buttons = 2.1.3 versions...

5.4CVSS5.8AI score0.00209EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2025-63041

Contributor Broken Access Control in Forget About Shortcode Buttons = 2.1.3 versions...

5.4CVSS0.00209EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.18 views

CVE-2025-63041

CVE-2025-63041 affects the WordPress plugin Forget About Shortcode Buttons (versions

5.4CVSS5.8AI score0.00209EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:52 p.m.6 views

WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Forget About Shortcode Buttons versions = 2.1.3...

5.4CVSS5.8AI score0.00209EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.5 views

PT-2026-52709

Name of the Vulnerable Software and Affected Versions Forget About Shortcode Buttons versions prior to 2.1.4 Description Broken access control allows contributors to perform unauthorized actions within the software. Recommendations Update to a version newer than 2.1.3...

5.4CVSS5.8AI score0.00209EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 9:17 p.m.13 views

CVE-2026-49082

Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...

7.4CVSS0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.8 views

CVE-2026-34904

Cross-Site Request Forgery CSRF vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from n/a through 6.2.0...

7.5CVSS5.4AI score0.00122EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/05 9:29 a.m.11 views

WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by dodoh4t in WordPress Plugin Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons versions = 1.4.8...

7.4CVSS5.5AI score0.00264EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.18 views

CVE-2026-35630

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...

8CVSS5.8AI score0.00199EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 5:21 p.m.11 views

Missing Authorization

Overview @openclaw/qqbot is an OpenClaw QQ Bot channel plugin for group and direct-message workflows. Affected versions of this package are vulnerable to Missing Authorization in the QQBot native approval buttons process. An attacker can gain unauthorized access to resolve pending exec or plugin...

8.6CVSS5.8AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 5:21 p.m.31 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization in the QQBot native approval buttons process. An attacker can gain unauthorized access to resolve pending exec or plugin approval requests by interacting with approv...

8.6CVSS5.8AI score0.00199EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 4:16 p.m.38 views

CVE-2026-35630

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...

8CVSS0.00199EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 3:10 p.m.53 views

CVE-2026-35630 OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enforcement in Native Approval Buttons

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...

8CVSS0.00199EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/29 3:10 p.m.10 views

CVE-2026-35630 OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enforcement in Native Approval Buttons

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...

8CVSS5.8AI score0.00199EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 3:10 p.m.15 views

EUVD-2026-33335

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...

8CVSS5.8AI score0.00199EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 3:10 p.m.24 views

CVE-2026-35630

OpenClaw OpenClaw before 2026.5.18 has an authorization bypass in QQBot native approval buttons that does not enforce the configured approver identity. Non-approvers can click approval buttons to resolve pending exec or plugin approval requests without proper authorization. Affected product: Open...

8CVSS5.8AI score0.00199EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: intel-vbtn – Protect the ACPI notify handler from racing with itself Since the commit e2ffcda16290 “ACPI: OSL: Allow Notify handlers to run on all CPUs”, ACPI notify handlers like intel-vbtn’s notifyhandler may run ...

5.5CVSS5.3AI score0.00182EPSS
Exploits0References2
Rows per page
Query Builder