GHSA-V9P7-GF3Q-H779

creationtimestamp| type| source ---|---|--- 2026-04-03 17:26:02+00:00| published-proof-of-concept| Telegram/XKiVP0TBNKcSgroBasKUd6A0zwSV-UpgyYoSDTGkjCiQdks...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the resource handler. An attacker can gain unauthorized access and modify application resources across the entire controller by leveraging authenticated access as a user, machine, or controller. Remediation A...

EUVD-2026-18577

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key . The attack can only be executed locally. Th...

GHSA-H22J-FRRF-5VXQ

creationtimestamp| type| source ---|---|--- 2026-04-02 22:23:12+00:00| published-proof-of-concept| Telegram/qg3HF91OLRRzWQbI7Pfv-fl8vLkHd7iL-mBbLD40slyOww...

CVE-2025-43257

creationtimestamp| type| source ---|---|--- 2026-04-02 22:22:27+00:00| published-proof-of-concept| Telegram/LEqzgESE2wGHUVmUGbeDXDuSp8F8SqNkH2O3nuA9SKVO2A...

CVE-2025-30433

creationtimestamp| type| source ---|---|--- 2026-04-02 22:15:38+00:00| published-proof-of-concept| Telegram/MjTxKferycnY5Pne62qxIs8GZVQD5pDYWQHmJtbu7pIL3GM...

Information Exposure

Overview @openclaw/nostr is an OpenClaw Nostr channel plugin for NIP-04 encrypted DMs Affected versions of this package are vulnerable to Information Exposure in the config.get process. An attacker can obtain sensitive plaintext signing keys by accessing configuration views that expose the secret...

Unprotected Alternate Channel

Overview Affected versions of this package are vulnerable to Unprotected Alternate Channel due to the omission of confirmation in proxy-mode multiplexing sessions. An attacker can cause unintended data handling by establishing a multiplexed session without explicit confirmation when specific and...

CVE-2026-5354

A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpnconnect of the file /setup.cgi. Executing a manipulation of the argument policyname can lead to os command injection. The attack can be executed remotely. The exploit has been published and may ...

CVE-2026-5256

A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has be...

EUVD-2026-18122

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

GHSA-5VPR-4FGW-F69H

creationtimestamp| type| source ---|---|--- 2026-04-01 23:27:26+00:00| published-proof-of-concept| Telegram/W-ZMhqLt3Z16f8AdFiB8UF-gG999hpwzW6X3s6aq-w7Q74...

GHSA-H762-RHV3-H25V

creationtimestamp| type| source ---|---|--- 2026-04-01 23:27:26+00:00| published-proof-of-concept| Telegram/W-ZMhqLt3Z16f8AdFiB8UF-gG999hpwzW6X3s6aq-w7Q74...

CVE-2026-5211

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function...

Missing Authentication for Critical Function

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the absence of authentication checks in the list.json.php template used by multiple plugin endpoints. An attack...

PT-2026-29474

A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has be...

GHSA-73G7-86QR-JRG3

creationtimestamp| type| source ---|---|--- 2026-03-31 23:21:09+00:00| published-proof-of-concept| Telegram/2Cqkqvtgaegci7UwxXD-qABu2YaVYQoLZQGlshG1KuvbS0...

GHSA-7FH7-8XQM-3G88

creationtimestamp| type| source ---|---|--- 2026-03-31 23:20:06+00:00| published-proof-of-concept| Telegram/nmybyhyW9j--U7tziXdh4Y31RLU4faF2Hhhi6Dlcxk1tj2s...

CVE-2026-34215

creationtimestamp| type| source ---|---|--- 2026-03-31 21:19:25+00:00| published-proof-of-concept| Telegram/KAeZyql0w7ADSWCNfrKYv7UvYEMEw072WjtVkInGvWCcTc...

GHSA-HPM8-9QX6-JVWV

creationtimestamp| type| source ---|---|--- 2026-03-31 21:19:25+00:00| published-proof-of-concept| Telegram/KAeZyql0w7ADSWCNfrKYv7UvYEMEw072WjtVkInGvWCcTc...