6494 matches found
CVE-2026-4087
The Pre Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hintids' parameter of the pprhupdatehints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
GHSA-3R78-RQG8-95GG Duplicate Advisory: OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vqx8-9xxw-f2m7. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized...
CVE-2026-32053 OpenClaw < 2026.2.23 - Twilio Webhook Replay Bypass via Randomized Event ID Normalization
OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state...
CVE-2026-32053
CVE-2026-32053 affects OpenClaw versions prior to 2026.2.23. The root cause is a flaw in Twilio webhook event deduplication, where normalized event IDs are randomized per parse, allowing replayed webhook events to bypass dedupe checks. This can cause duplicate or stale call-state transitions, lea...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via insufficient validation of the subDir parameter in volume identifiers. An attacker can cause unintended directories on the NFS server to be deleted or modified by crafting volume identifiers containing path...
GHSA-2MJQ-54QG-7W6J NFS CSI driver for Kubernetes is Vulnerable to Path Traversal through Volume Identifier Parameter
A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...
EUVD-2026-13857
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
EUVD-2026-13859
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
NFS CSI driver for Kubernetes is Vulnerable to Path Traversal through Volume Identifier Parameter
A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...
EUVD-2026-13848
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
EUVD-2026-13831
A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...
EUVD-2026-13850
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
PT-2026-26876
The Pre Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint ids' parameter of the pprh update hints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
CVE-2026-3864
A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...
CVE-2026-32663
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
CVE-2026-31926
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-27649
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
CVE-2026-28204
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-31926
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-31926
Technical details about CVE-2026-31926 are not publicly available in the provided documents. Monitor for updates from vendors and CSIRTs.