WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting

WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user ...

Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting

The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. id: CVE-2017-18500 info: name: Social Buttons Pack by BestWebSof 1.1.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-buttons-pack plugin before 1.1.1 for WordPress has...

CVE-2026-35630

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...

Missing Authorization

Overview @openclaw/qqbot is an OpenClaw QQ Bot channel plugin for group and direct-message workflows. Affected versions of this package are vulnerable to Missing Authorization in the QQBot native approval buttons process. An attacker can gain unauthorized access to resolve pending exec or plugin...

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization in the QQBot native approval buttons process. An attacker can gain unauthorized access to resolve pending exec or plugin approval requests by interacting with approv...

CVE-2026-35630

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...

CVE-2026-35630

OpenClaw OpenClaw before 2026.5.18 has an authorization bypass in QQBot native approval buttons that does not enforce the configured approver identity. Non-approvers can click approval buttons to resolve pending exec or plugin approval requests without proper authorization. Affected product: Open...

EUVD-2026-33335

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...

CVE-2026-35630 OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enforcement in Native Approval Buttons

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...

CVE-2026-35630 OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enforcement in Native Approval Buttons

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...

BIT-JUPYTER-BASE-NOTEBOOK-2026-42557 jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...

EUVD-2025-209825

striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons...

CVE-2025-28343

striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons...

CVE-2025-28343

CVE-2025-28343 affects striso-control-firmware 54c9722. The issue is a buffer overflow in the function ThreadReadButtons. CVSSv3.1 base score 7.5 (HIGH): attack vector NETWORK, attack complexity LOW, privileges required NONE, user interaction NONE, with confidentiality and integrity not impacted ...

CVE-2025-28343

striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons...

PT-2026-40702

striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons...

Striso Control Firmware 安全漏洞

Striso Control Firmware is an open-source MPE MIDI controller firmware developed by Striso. Version 54c9722 of Striso Control Firmware contains a security vulnerability, which stems from a buffer overflow in the ThreadReadButtons function...

GHSA-MQCG-5X36-VFCG JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content

JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 "ACPI: OSL: Allow Notify handlers to run on all CPUs" ACPI notify handlers like the intel-vbtn notifyhandler may run on multiple CP...

EUVD-2026-19596

Cross-Site Request Forgery CSRF vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from n/a through 6.2.0...