CVE-2026-41339

OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks...

CVE-2026-41339

OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the options/set endpoint. An attacker can set rc.NoAuth=true and override default AuthRequired: true which can lead to unauthorized access to sensitive administrative functionality,...

EUVD-2026-25188

Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...

CVE-2026-4917

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive password auth...

PT-2026-34770

OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks...

PT-2026-34807

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these...

PT-2026-34636

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

Web-Application-Pentest-Report

Web-Application-Pentest-Report OWASP methodology penetration t...

CVE-2026-33733

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...

CVE-2026-41170

Squidex -- CVE-2026-41170: Prior to 7.23.0, the RestoreController.PostRestoreJob endpoint lets an authenticated admin specify an arbitrary URL for downloading backups via the Backup HttpClient without SSRF protection. This enables internal or external network probing and access to sensitive resou...

CVE-2026-41170 Squidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient...

Server-side Request Forgery (SSRF)

Overview flarum/core is a simple discussion platform for your website. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the interpolation of unvalidated LESS config variables during CSS compilation. An attacker can access arbitrary files on the server or...

CVE-2026-33733

CVE-2026-33733 affects EspoCRM prior to version 9.3.4, where admin TemplateManager endpoints incorrectly handle attacker-controlled name and scope values. This allows an authenticated admin to use directory traversal (../) to escape the intended template directory and read, create, overwrite, or ...

EUVD-2026-25082

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...

EUVD-2026-24634

The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

CVE-2026-2719

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...