Lucene search
K

87087 matches found

CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforcement of the operator.admin scope for mutated internal ACP chat commands, which could...

7.1CVSS5.8AI score0.00225EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/09 12:0 a.m.3 views

CVE-2025-70365

A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/09 12:0 a.m.7 views

EUVD-2025-209385

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...

6.3AI score0.00148EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/08 11:30 p.m.3 views

SUSE CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

5.4CVSS5.8AI score0.00458EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/04/08 11:30 p.m.2 views

SUSE CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

2.7CVSS5.8AI score0.00294EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/08 11:0 p.m.0 views

CVE-2026-5814

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/08 11:0 p.m.33 views

CVE-2026-5814 PHPGurukul Online Course Registration check_availability.php sql injection

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS0.00254EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/08 11:0 p.m.4 views

CVE-2026-5814 PHPGurukul Online Course Registration check_availability.php sql injection

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/08 7:57 p.m.3 views

CVE-2026-39335

ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1...

6.1CVSS5.9AI score0.00252EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/08 7:34 p.m.3 views

CVE-2026-35573

ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The...

9.1CVSS6.6AI score0.00765EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/08 7:34 p.m.4 views

CVE-2026-35463

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only...

8.8CVSS6.1AI score0.00815EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/08 7:15 p.m.9 views

EUVD-2026-20485

CI4MS has stored XSS in Pages Content Due to Missing htmlpurify Sanitization...

5.5CVSS5.9AI score0.00247EPSS
Exploits1References3
OSV
OSV
added 2026/04/08 7:15 p.m.10 views

GHSA-FJPJ-6QCQ-6PW2 CI4MS has stored XSS in Pages Content Due to Missing html_purify Sanitization

Summary The Pages module does not apply the htmlpurify validation rule to content fields during create and update operations, while the Blog module does. Page content is stored unsanitized in the database and rendered as raw HTML on the public frontend via echo $pageInfo-content. An authenticated...

5.5CVSS5.9AI score0.00247EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/08 7:15 p.m.4 views

EUVD-2026-20484

CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List...

4.8CVSS5.9AI score0.0023EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/08 7:15 p.m.5 views

CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List

Summary The blacklist ban note parameter in UserController::ajaxblackListpost is stored in the database without sanitization and rendered into an HTML data-note attribute without escaping. An admin with blacklist privileges can inject arbitrary JavaScript that executes in the browser of any other...

4.8CVSS6.1AI score0.0023EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/08 7:15 p.m.2 views

GHSA-7CM9-V848-CFH2 CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List

Summary The blacklist ban note parameter in UserController::ajaxblackListpost is stored in the database without sanitization and rendered into an HTML data-note attribute without escaping. An admin with blacklist privileges can inject arbitrary JavaScript that executes in the browser of any other...

4.8CVSS6AI score0.0023EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/08 7:15 p.m.2 views

EUVD-2026-20483

CI4MS has stored XSS via srcdoc attribute bypass in Google Maps iframe setting...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References3
OSV
OSV
added 2026/04/08 7:15 p.m.2 views

GHSA-X3HR-CP7X-44R2 CI4MS has stored XSS via srcdoc attribute bypass in Google Maps iframe setting

Summary The Google Maps iframe setting cMap field in compInfosPost sanitizes input using striptags with an allowlist and regex-based removal of on\w+ event handlers. However, the srcdoc attribute is not an event handler and passes all filters. An attacker with admin settings access can inject an...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/08 7:15 p.m.0 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS in the compInfosPost process. An attacker can execute arbitrary JavaScript in the context of the parent page by injecting an payload containing...

5.5CVSS5.8AI score0.00235EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 6:17 p.m.2 views

CVE-2026-34724 Zammad has a server-side template injection leading to RCE via AI Agent

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or influence typeenrichmentdata typically high-privilege...

8.7CVSS5.9AI score0.00262EPSS
Exploits0References1
Rows per page
Query Builder