PT-2026-48738

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before...

CVE-2026-2670

Affected product/versions: Advantech WISE-6610 (1.2.1_20251110). Vulnerable component/file: /cgi-bin/luci/admin/openvpn_apply in the Background Management module. Root cause / condition: Manipulation of the argument delete_file enables an OS command injection. Impact: Remote execution possible wi...

CVE-2022-38539

Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply...

CVE-2025-8921

A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of the argument jobtitle leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and...

CVE-2025-8921

Code-Projects Job Diary 1.0 is affected by a SQL injection in /user-apply.php via the job_title parameter. Several connected documents confirm remote exploitation and public disclosure of the exploit. The exact vulnerable functionality is unknown beyond that the issue arises in /user-apply.php. R...