CVE-2026-32049

OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability...

CVE-2026-32296

Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...

CVE-2026-28674

xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...

CVE-2026-4283

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a processnow parameter from unauthenticated users, which bypasses the intended email-confirmation...

CVE-2026-26832

node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...

CVE-2018-25201

The CVE-2018-25201 issue affects School Management System CMS 1.0. An SQL injection in the admin login (processlogin endpoint) via the username parameter allows bypassing authentication by sending boolean-based blind payloads, enabling login as administrator without valid credentials. The vulnera...

CVE-2018-25195

Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with...

GHSA-JFJG-VC52-WQVF BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml

Summary The docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since systempackages is semantically a list of OS package names data, users do not expect values to be interpreted as shell command...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fixture process. An attacker can access or overwrite arbitrary files by supplying specially crafted input containing path traversal sequences. Details A Directory Traversal attack also known as path traversal...

OpenClaw Denial of Service Vulnerability (CNVD-2026-16053)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a denial of service vulnerability that can be exploited by attackers to cause increased memory usage and process instability...

EVerest 竞争条件问题漏洞

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contained a race condition vulnerability. This vulnerability arises from concurrent execution of single-phase and three-phase switching requests during charging or...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the ReadOne process. An attacker can gain unauthorized access to and delete files belonging to other users by supplying their own accessible task ID along with a target attachment...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the ReadOne process. An attacker can gain unauthorized access to and delete files belonging to other users by supplying their own accessible task ID along with a target attachment...

thumbler allows OS Command Injection

thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail function because user input is concatenated into a shell command string passed to childprocess.exec without proper sanitization or escaping...

GHSA-9PCJ-M5RR-P28G textract is vulnerable to OS Command Injection

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

EUVD-2026-16062

LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash...

GHSA-9R5M-9576-7F6X LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

Summary LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined with a string flattening operation e.g., replace filter, this causes a V8 Fatal error that crashes the...

n8n has In-Process Memory Disclosure in its Task Runner

Impact An authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data from the same Node.js process — including data from prior requests, tasks, secrets, or tokens —...

SUSE CVE-2026-23365

In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints The kalmia driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not ha...

CVE-2026-26831

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...