4 matches found
EUVD-2026-36316
OpenClaw's marketplace runtime extension metadata could point at unscanned payloads...
CVE-2026-53810 OpenClaw < 2026.5.18 - Arbitrary Code Execution via Unscanned Marketplace Runtime Extension Metadata
OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points...
CVE-2026-35454
The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...
TYPO3 Job Fair Arbitrary File Upload Vulnerability
TYPO3 is a free and open source content management system, Job Fair is a marketplace work extension plugin based on Extbase and Fluid. An arbitrary file upload vulnerability exists in TYPO3 Job Fair, which allows remote attackers to exploit the vulnerability to submit a special file and execute i...