Lucene search
K

850 matches found

Patchstack
Patchstack
added 2026/04/09 10:3 p.m.9 views

WordPress Post Blocks & Tools plugin <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'sliderStyle' Block Attribute vulnerability

Authenticated Author+ Stored Cross-Site Scripting via 'sliderStyle' Block Attribute vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Magazine Companion versions = 1.3.0...

6.4CVSS5.9AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/08 12:7 p.m.5 views

WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion Pro versions 2.1.29...

6AI score0.00372EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2026/04/05 7:9 a.m.130 views

Exploit for CVE-2024-23700

PoC for CVE-2024-23700, allowing silently obtain permissions to...

5.8AI score
Exploits1
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.3 views

CVE-2026-32403

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.3 views

CVE-2026-31993

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

6.4CVSS6.1AI score0.00291EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/19 3:30 a.m.7 views

Duplicate Advisory: OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5f9p-f3w2-fwch. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app...

6.4CVSS6AI score0.00291EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/03/19 2:16 a.m.4 views

CVE-2026-31993

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

6.4CVSS0.00291EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/19 1:0 a.m.3 views

CVE-2026-31993

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

5.6CVSS6.1AI score0.00291EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/19 1:0 a.m.7 views

EUVD-2026-13025

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

6.4CVSS6.1AI score0.00291EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/19 1:0 a.m.25 views

CVE-2026-31993 OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

5.6CVSS0.00291EPSS
Exploits0References4
OSV
OSV
added 2026/03/19 1:0 a.m.4 views

CVE-2026-31993 OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

5.6CVSS6.8AI score0.00291EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/13 9:31 p.m.4 views

EUVD-2026-11920

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:54 p.m.6 views

CVE-2026-32403

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...

6.5CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 11:42 a.m.31 views

CVE-2026-32403 WordPress Toocheke Companion plugin <= 1.194 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...

6.5CVSS0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.4 views

CVE-2026-32403 WordPress Toocheke Companion plugin <= 1.194 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.4 views

CVE-2026-32403

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...

5.8AI score0.00161EPSS
Exploits0References2
CVE
CVE
added 2026/03/13 11:42 a.m.8 views

CVE-2026-32403

CVE-2026-32403 concerns the WordPress plugin Toocheke Companion (

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.7 views

WordPress plugin Toocheke Companion 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.4 views

PT-2026-25249

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References3
CNVD
CNVD
added 2026/03/09 12:0 a.m.7 views

Unspecified Vulnerability in Google Android (CNVD-2026-14652)

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which originates from a logic error in the onStart function of CompanionDeviceManagerService.java, which can be exploited by an attacker to cause a local elevation of...

7.8CVSS5.9AI score0.00098EPSS
Exploits0References1
Rows per page
Query Builder