CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

359 matches found

RedhatCVE•added 2026/02/23 1:31 p.m.•3 views

CVE-2026-27469

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting XSS vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

6.1CVSS5.5AI score0.00108EPSS

Exploits0References1

RedhatCVE•added 2026/02/22 1:25 p.m.•5 views

CVE-2026-27484

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling timeout, kick, ban uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where Discord moderation actions are enabled and...

4.3CVSS5.4AI score0.00032EPSS

Exploits0References1

NVD•added 2026/02/21 10:16 a.m.•6 views

CVE-2026-27484

4.3CVSS0.00032EPSS

Exploits0References3

ATTACKERKB•added 2026/02/21 9:21 a.m.•5 views

CVE-2026-27484

2.3CVSS5.5AI score0.00032EPSS

Exploits0References4Affected Software1

CVE•added 2026/02/21 9:21 a.m.•8 views

CVE-2026-27484

OpenClaw (npm openclaw) versions 2026.2.17 and earlier are vulnerable: moderation actions (timeout, kick, ban) incorrectly use sender identity from request parameters in tool-driven flows instead of trusted runtime sender context. This allows a non-admin user, in setups where moderation actions a...

4.3CVSS5.4AI score0.00032EPSS

Exploits0References3Affected Software1

OSV•added 2026/02/21 9:21 a.m.•3 views

CVE-2026-27484 OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows

2.3CVSS5.4AI score0.00032EPSS

Exploits0References5

Cvelist•added 2026/02/21 9:21 a.m.•19 views

CVE-2026-27484 OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows

2.3CVSS0.00032EPSS

Exploits0References3

Vulnrichment•added 2026/02/21 9:21 a.m.•2 views

CVE-2026-27484 OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows

2.3CVSS5.3AI score0.00032EPSS

Exploits0References3

Snyk•added 2026/02/21 8:38 a.m.•3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper escaping of user input in website and author fields before being inserted into an HTML attribute. An attacker can execute arbitrary JavaScript in the context of users viewing affected comment...

6.1CVSS5.9AI score0.00108EPSS

Exploits0References2

NVD•added 2026/02/21 8:16 a.m.•4 views

CVE-2026-27469

6.1CVSS0.00108EPSS

Exploits0References3

CVE•added 2026/02/21 7:24 a.m.•10 views

CVE-2026-27469

Isso is a lightweight Python/JavaScript commenting server affected by a stored XSS in commits prior to 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144. The vulnerability affects the website field and author comments because quotes were not properly escaped; the frontend inserts the website value into a ...

6.1CVSS5.7AI score0.00108EPSS

Exploits0References3

ATTACKERKB•added 2026/02/21 7:24 a.m.•4 views

CVE-2026-27469

6.1CVSS5.7AI score0.00108EPSS

Exploits0References4

Cvelist•added 2026/02/21 7:24 a.m.•20 views

CVE-2026-27469 Isso: Stored XSS via comment website field

6.1CVSS0.00108EPSS

Exploits0References3

Vulnrichment•added 2026/02/21 7:24 a.m.•3 views

CVE-2026-27469 Isso: Stored XSS via comment website field

6.1CVSS5.5AI score0.00108EPSS

Exploits0References3

Positive Technologies•added 2026/02/21 12:0 a.m.•5 views

PT-2026-21366

Name of the Vulnerable Software and Affected Versions Isso versions prior to 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144 Description Isso, a lightweight commenting server written in Python and JavaScript, contains a stored Cross-Site Scripting XSS issue. The website and author comment fields are...

6.1CVSS5.6AI score0.00108EPSS

Exploits0References12

Schneier on Security•added 2026/02/20 10:5 p.m.•4 views

Friday Squid Blogging: Squid Cartoon

I like this one. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.5AI score

Exploits0

Snyk•added 2026/02/20 9:2 p.m.•2 views

User Impersonation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to User Impersonation via the moderation action handling process. An attacker can perform unauthorized moderation actions by spoofing sender identity fields in tool-driven flows. Note: This ...

4.3CVSS5.6AI score0.00032EPSS

Exploits0References3

Github Security Blog•added 2026/02/20 9:2 p.m.•8 views

OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows

Overview Discord moderation action handling timeout, kick, ban used sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. Impact In setups where Discord moderation actions are enabled and the bot has the necessary guild permissions, a non-admin...

4.3CVSS5.5AI score0.00032EPSS

Exploits0References5Affected Software1

OSV•added 2026/02/20 9:2 p.m.•2 views

GHSA-WH94-P5M6-MR7J OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows

2.3CVSS5.9AI score0.00032EPSS

Exploits0References5

Positive Technologies•added 2026/02/20 12:0 a.m.•4 views

PT-2026-21335

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.18 Description The software handles Discord moderation actions timeout, kick, ban using information from request parameters instead of a secure source. This allows a user without administrative privileges to...

2.3CVSS5.3AI score0.00032EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by