EUVD-2026-30317

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

CVE-2026-35669 OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform...

CVE-2026-35669

OpenClaw is affected prior to version 2026.3.25. The vulnerability resides in the gateway-authenticated plugin HTTP routes, where the system incorrectly mints operator.admin runtime scope regardless of caller-granted scopes. This scope boundary bypass can allow an attacker to escalate privileges ...

PT-2026-31980

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.25 Description The software contains a privilege escalation issue in gateway-authenticated plugin HTTP routes. The issue incorrectly assigns operator.admin runtime scope, bypassing caller-granted scopes. This...

CVE-2026-21892 Parsl Monitoring Visualization Vulnerable to SQL Injection

Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting Python % operator with user-supplied input workflowid directly from URL routes...

CVE-2025-12512 GenerateBlocks <= 2.1.2 - Authenticated (Contributor+) Information Exposure via Metadata

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

CVE-2025-13620 Wp Social Login and Register Social Counter <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter Tampering

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 3.1.3. This is due to the REST routes wslu/v1/checkcache/type, wslu/v1/savecache/type, and wslu/v1/settings/clearcountercache being registered with...

Towards Spring Tools 5 - Ready for AI

There is no doubt that AI-based coding assistants are already or will be widely used by developers and within organizations. While the overall outlook is pretty certain, the exact way when and how to use those tools might vary, ranging from extensions for existing IDEs e.g. Copilot for Visual...

CVE-2024-6846

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs...