2218 matches found
EUVD-2026-43568
OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform...
CVE-2026-62190
OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform...
CVE-2026-62190
OpenClaw is affected by an authorization bypass in the flock wrapper for versions before 2026.6.9. The vulnerability allows lower-trust callers to execute or persist actions beyond their authorization by exploiting configured input paths to bypass the durable exec approval binding when the affect...
Apache Solr <= 7.1 - XML Entity Injection
Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...
CVE-2026-13347
The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...
CVE-2026-13347
The CVE-2026-13347 entry documents an unauthenticated Arbitrary File Read in WordPress Hide My WP Lite (versions ≤ 1.3) via the he_wrapper_js and he_wrapper_css parameters. The vulnerability stems from elementor_assets_filter() concatenating user input onto ABSPATH and passing it to file_get_cont...
CVE-2026-13347
The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...
CVE-2026-59225
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...
CVE-2026-59225
Open WebUI vulnerability CVE-2026-59225 affects versions 0.8.12 up to before 0.10.0. An authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model via task endpoints like /api/v1/tasks/moa/completions. The normal chat flow re-checks submodel ac...
CVE-2026-47830 Incorrect Permission Assignment Allows Local Privilege Escalation to SYSTEM via Executable Overwrite
Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\servicewrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full...
PT-2026-56888
Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.8.12 through 0.9.x Description An authenticated non-admin user with read access to an arena wrapper model can access a restricted underlying model. This occurs because task endpoints, such as...
[SECURITY] Fedora 44 Update: python-fastar-0.11.0-7.fc44
The fastar library wraps the Rust tar, flate2, and zstd crates, providing a high-performance way to work with compressed and uncompressed tar archives in Python...
CVE-2026-58468 NocoBase 2.1.20 Server-Side Request Forgery via serverRequest wrapper
NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...
DEBIAN-CVE-2026-58402
Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block renderer wrote the Markdown code-fence language or info-string into the code class="language-…" data-lang="…" wrapper without HTML escaping. A fence info-string containing a quote and a script payload breaks out...
GHSA-2J8V-HWGC-X698 OpenClaw: Shell wrapper argv could change between approval and execution
Summary Shell wrapper argv could change between approval and execution. In affected versions, a command request using a shell wrapper form could approve one resolved argv shape and rebuild another for execution. This advisory is scoped to the named feature and configuration. It does not change...
PT-2026-55296
Name of the Vulnerable Software and Affected Versions LobeChat versions prior to 2.2.10-canary.18 Description Authenticated attackers can perform server-side request forgery SSRF, a flaw where the server is tricked into making requests to an unintended location. By providing malicious input to th...
CVE-2026-14265
The CVE affects AWS Advanced JDBC Wrapper (AWR) RemoteQueryCachePlugin versions 3.3.0–4.0.0. Deserialization of untrusted data via ObjectInputStream without class filtering when reading cached query results from Redis or Valkey enables gadget-chain execution, allowing arbitrary code execution on ...
External Control of File Name or Path
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
EUVD-2026-40934
The LearnPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'classwrapperform' shortcode attribute in versions up to, and including, 4.4.0. This is due to insufficient input sanitization and output escaping in the FilterCourseTemplate::sections method at line 98, wher...
CVE-2026-12732 LearnPress <= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_wrapper_form' Shortcode Attribute
The LearnPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'classwrapperform' shortcode attribute in versions up to, and including, 4.4.0. This is due to insufficient input sanitization and output escaping in the FilterCourseTemplate::sections method at line 98, wher...