87063 matches found
Duplicate Advisory: OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h4jx-hjr3-fhgc. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback...
EUVD-2026-21108
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...
EUVD-2026-21097
OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticat...
EUVD-2026-21077
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands with the target's...
📄 RomM Cross Site Scripting / File Upload
RomM versions prior to 4.4.1 chained vulnerabilities exploit that leverages file upload to achieve cross site scripting that then leverages csrf token reuse to change a user's password. Exploit Title: RomM Application tab or Storage on Firefox Cookies - Copy the rommcsrftoken cookie value 3...
PT-2026-31955
OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce...
IBM DataPower Gateway Information Disclosure Vulnerability (CNVD-2026-19179)
IBM DataPower Gateway is a suite of International Business Machines IBM security and integration platforms designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and...
PT-2026-32011
Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38 and prior to 2.0.0-RC.3 Description Chamilo LMS, a learning management system, contains an Open Redirect flaw in the session course edit page. An attacker can redirect an authenticated administrator to an...
PT-2026-31858
Name of the Vulnerable Software and Affected Versions code-projects Simple IT Discussion Forum version 1.0 Description A security issue exists in code-projects Simple IT Discussion Forum 1.0 related to the processing of the /admin/user.php file. Manipulation of the fname argument can lead to cros...
PT-2026-32013
Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 2.0.0-RC.3 Description Chamilo LMS, a learning management system, has an issue where the PlatformConfigurationController::decodeSettingArray method uses PHP's eval function to process platform settings retrieved...
PT-2026-31926
CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f k levels list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request body to bypass...
OpenClaw elevation of privilege vulnerability (CNVD-2026-17893)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause an invoker with pairing privileges but no administrator privileges to approve pending device requests that request ...
Chamilo LMS 安全漏洞
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilities allowed an...
Vikunja 安全漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the permission checking logic when changing the parent project ID, which was inconsistent with the recursive...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities stemmed from the ability for non-administrator operators to self-request a broader scope during backend reconnection...
PT-2026-31946
Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description A permission escalation issue exists in Vikunja that allows a user with Write access to a project to escalate their permissions to Admin by moving the project under a project they own. This is due to...
CouchCMS 安全漏洞
CouchCMS is an open-source content management system CMS designed for designers. CouchCMS has a security vulnerability that stems from improper authorization verification. This vulnerability could allow authenticated administrator users to create super-administrator accounts by manipulating...
Keycloak < 26.4.11 Multiple Vulnerabilities
Keycloak versions installed prior to 26.4.11 are affected by multiple vulnerabilities: - A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an...
Chamilo LMS 安全漏洞
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Prior to version 1.11.38, Chamilo LMS had security vulnerabilities. These vulnerabilities stemmed from the Twig...
PT-2026-31842
Name of the Vulnerable Software and Affected Versions Webling plugin for WordPress versions prior to 3.9.1 Description The Webling plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization, insufficient output escaping, and missing capabilities chec...