72474 matches found
CVE-2026-53863
OpenClaw before 2026.4.25 exposes an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. When a group ID is supplied to the policy resolver, it can lead to incorrect group-policy decisions for tool invocations, potentially bypassing intended access contr...
EUVD-2026-37063
A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...
FLIR AX8 1.46.16 - Remote Command Injection
FLIR AX8 version 1.46.16 and below is susceptible to an unauthenticated remote command injection vulnerability.The vulnerability exists in the alarm functionality where user-supplied input in the 'id' parameter is not properly sanitized,allowing attackers to inject and execute arbitrary OS...
Spring Cloud Gateway Code Injection
Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...
CyberPanel - Command Injection
CyberPanel contains a command injection vulnerability in the /ftp/getresetstatus and /dns/getresetstatus endpoints.The vulnerability exists due to improper validation of the 'statusfile' parameter, which is directly used in a shell command.The security middleware only validates POST requests,...
D-Tale 3.10.0 - 3.15.1 - Authentication Bypass & Remote Code Execution
man-group/dtale 3.10.0 contains an authentication bypass and remote code execution caused by improper input validation and a hardcoded SECRETKEY in Flask configuration, letting attackers forge session cookies and execute arbitrary code, exploit requires attacker to access the application. id:...
Oracle WebLogic Server - Remote Command Execution
The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. id: CVE-2019-2725 info: name: Oracle WebLogic...
ServiceNow - Incomplete Input Validation
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...
TP-LINK - Local File Inclusion
TP-LINK is susceptible to local file inclusion in these products: Archer C5 1.2 with firmware before 150317, Archer C7 2.0 with firmware before 150304, and C8 1.0 with firmware before 150316, Archer C9 1.0, TL-WDR3500 1.0, TL-WDR3600 1.0, and TL-WDR4300 1.0 with firmware before 150302, TL-WR740N...
Klog Server <=2.41 - Unauthenticated Command Injection
Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The authenticate.php file uses the user HTTP POST parameter in a call to the shellexec PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The...
ServiceNow UI Macros - Template Injection
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...
EUVD-2026-37023
Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...
Chromium: CVE-2026-11691 Insufficient validation of untrusted input in New Tab Page
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-11686 Insufficient validation of untrusted input in Dawn
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-11682 Insufficient validation of untrusted input in Views
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-11666 Insufficient validation of untrusted input in Input
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-11658 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-11653 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-12161
Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...
PT-2026-49780
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description An input validation issue exists in tool group policy callers that accept unvalidated group IDs. An attacker capable of supplying a group ID to the policy resolver could trigger incorrect...