850 matches found
WordPress Post Blocks & Tools plugin <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'sliderStyle' Block Attribute vulnerability
Authenticated Author+ Stored Cross-Site Scripting via 'sliderStyle' Block Attribute vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Magazine Companion versions = 1.3.0...
WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion Pro versions 2.1.29...
Exploit for CVE-2024-23700
PoC for CVE-2024-23700, allowing silently obtain permissions to...
CVE-2026-32403
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...
CVE-2026-31993
OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...
Duplicate Advisory: OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5f9p-f3w2-fwch. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app...
CVE-2026-31993
OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...
CVE-2026-31993
OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...
EUVD-2026-13025
OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...
CVE-2026-31993 OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains
OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...
CVE-2026-31993 OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains
OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...
EUVD-2026-11920
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...
CVE-2026-32403
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...
CVE-2026-32403 WordPress Toocheke Companion plugin <= 1.194 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...
CVE-2026-32403 WordPress Toocheke Companion plugin <= 1.194 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...
CVE-2026-32403
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...
CVE-2026-32403
CVE-2026-32403 concerns the WordPress plugin Toocheke Companion (
WordPress plugin Toocheke Companion 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-25249
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...
Unspecified Vulnerability in Google Android (CNVD-2026-14652)
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which originates from a logic error in the onStart function of CompanionDeviceManagerService.java, which can be exploited by an attacker to cause a local elevation of...