Lucene search
K

4 matches found

EUVD
EUVD
added 2026/07/02 4:0 p.m.9 views

EUVD-2026-36316

OpenClaw's marketplace runtime extension metadata could point at unscanned payloads...

8.8CVSS5.8AI score0.00419EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/11 8:7 p.m.8 views

CVE-2026-53810 OpenClaw < 2026.5.18 - Arbitrary Code Execution via Unscanned Marketplace Runtime Extension Metadata

OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points...

8.8CVSS5.8AI score0.00419EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:51 p.m.5 views

CVE-2026-35454

The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...

8.7CVSS6.1AI score0.00343EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2015/06/17 12:0 a.m.5 views

TYPO3 Job Fair Arbitrary File Upload Vulnerability

TYPO3 is a free and open source content management system, Job Fair is a marketplace work extension plugin based on Extbase and Fluid. An arbitrary file upload vulnerability exists in TYPO3 Job Fair, which allows remote attackers to exploit the vulnerability to submit a special file and execute i...

7.5CVSS7.4AI score0.02673EPSS
Exploits0References1
Rows per page
Query Builder