87078 matches found
CVE-2026-39374 Plane IDOR: Cross-Project Issue Date Modification via Bulk Update Endpoint
Plane is an an open-source project management tool. Prior to 1.3.0, the IssueBulkUpdateDateEndpoint allows a project member ADMIN or MEMBER to modify the startdate and targetdate of ANY issue across the entire Plane instance, regardless of workspace or project membership. The endpoint fetches...
CVE-2026-39347 OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability...
CVE-2026-39347 OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability...
CVE-2026-39347
OrangeHRM Open Source vulnerability CVE-2026-39347 affects versions 5.0–5.8 where admin self-appraisal submissions can be modified after being marked completed, compromising integrity of finalized appraisal records. The issue is resolved in 5.8.1. Affected product: OrangeHRM Open Source; vulnerab...
CVE-2026-39335
ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1...
CVE-2026-39328
ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who have the EditSelf permission can inject malicious JavaScript into their Facebook, LinkedIn, an...
CVE-2026-35575
ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting Stored XSS vulnerability in the admin panel’s group-creation feature allows any user with group-creation privileges to inject malicious JavaScript that executes automatically when an administrator...
Information Exposure
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Information Exposure via the connect process. An attacker can obtain sensitive host filesystem paths and deployment metadata by making authenticated requests as a non-admin client...
OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients
Summary Before OpenClaw 2026.4.2, the Gateway connect success snapshot exposed local configPath and stateDir metadata to non-admin clients. Low-privilege authenticated clients could learn host filesystem layout and deployment details that were not needed for their role. Impact A non-admin client...
GHSA-2F7J-RP58-MR42 OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients
Summary Before OpenClaw 2026.4.2, the Gateway connect success snapshot exposed local configPath and stateDir metadata to non-admin clients. Low-privilege authenticated clients could learn host filesystem layout and deployment details that were not needed for their role. Impact A non-admin client...
Improper Privilege Management
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the operator.write process. An attacker can gain unauthorized access to admin-level Telegram configuration and cron persistence by sending crafted request...
GHSA-767M-XRHC-FXM7 OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send
Summary Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped operator.write to admin-class Telegram config or cron persistence bug, but it is an authenticated...
OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send
Summary Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped operator.write to admin-class Telegram config or cron persistence bug, but it is an authenticated...
GHSA-3Q42-XMXV-9VFR OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send
Summary Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped operator.write to admin-class Talk Voice config persistence bug, but it is the same narrow...
OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send
Summary Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped operator.write to admin-class Talk Voice config persistence bug, but it is the same narrow...
GHSA-H2V7-XC88-XX8C OpenClaw: `/phone arm`/`/phone disarm` Bypasses `operator.admin` Scope Check for External Channels
Summary /phone arm//phone disarm Bypasses operator.admin Scope Check for External Channels Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Maintainers accepted this issue, fixed it in aa66ae1fc797d3298cc409ed2c5da69a89950a45 on 2026-03-27, and that fix shipped...
OpenClaw: `/phone arm`/`/phone disarm` Bypasses `operator.admin` Scope Check for External Channels
Summary /phone arm//phone disarm Bypasses operator.admin Scope Check for External Channels Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Maintainers accepted this issue, fixed it in aa66ae1fc797d3298cc409ed2c5da69a89950a45 on 2026-03-27, and that fix shipped...
CVE-2026-39343 ChurchCRM has a SQL Injection in Event Type Editor (Admin)
ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in the EditEventTypes.php file, which is only accessible to administrators. The ENtyid POST parameter is not sanitized before being used in a SQL query, allowing an administrator to execute...
CVE-2026-39340 ChurchCRM has a SQL Injection in PropertyTypeEditor.php via Incorrect Sanitizer Substitution
ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in PropertyTypeEditor.php, part of the administration functionality for managing property type categories People → Person Properties / Family Properties. The vulnerability was introduced whe...
CVE-2026-39338 ChurchCRM has Blind XSS via Global Search – Administrative Cookie Session Exfiltration
ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's...