CVE-2026-9860 Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...

CVE-2026-53835 OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding...

CVE-2026-53835 OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding...

CVE-2026-53835

OpenClaw (pre-2026.5.6) contains a configuration enforcement bypass in Feishu dynamic-agent bindings. The flaw allows authenticated senders to create or update bindings without honoring configured config-write controls, enabling changes to sender-agent binding state beyond policy. Affected compon...

CLSA-2026-1779124021 firewalld: Fix of CVE-2026-4948

CVE-2026-4948: use PKACTIONCONFIG instead of PKACTIONCONFIGINFO for setZoneSettings2 and setPolicySettings to require config-write authorization...

pyLoad SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration

Summary The setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option controls a file path that is passed directly to subprocess.run in the thread manager's reconnect logic. A SETTINGS...

PT-2026-26792

Name of the Vulnerable Software and Affected Versions: pyLoad versions 0.4.0 through 0.5.0b3.dev96 Description: pyLoad, a free and open-source download manager written in Python, contains a flaw in the set config value API endpoint. Users with the non-admin SETTINGS permission can modify any...

OpenClaw: `operator.write` chat.send could reach admin-only config writes

Summary A gateway client authenticated with operator.write could route /config set or /config unset through chat.send and reach persistent config mutation even though direct config RPC methods are admin-scoped. Affected Packages / Versions - Package: openclaw npm - Latest published vulnerable...

Exploit for Path Traversal in Tp-Link Tapo_C260_Firmware

Tapo C260 RCE Chain CVE-2026-0651 / CVE-2026-0652 / CVE-2026-...

EUVD-2026-9893

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

PT-2026-23522

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2.0.0-beta3 through 2026.2.13 Description The OpenClaw software contains a path traversal issue within the hook transform module loading process that could lead to arbitrary JavaScript execution. The...

CVE-2026-25593

OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerabilit...

CVE-2026-25593 OpenClaw Affected by Unauthenticated Local RCE via WebSocket config.apply

OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerabilit...

EUVD-2026-5577

OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerabilit...

Amazon Linux 2023 : cups, cups-client, cups-devel (ALAS2023-2025-1320)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1320 advisory. A client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. CVE-2025-58436 A user in the...

UBUNTU-CVE-2025-48384

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...

DEBIAN-CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

GHSA-PR98-23F8-JWXV QOS.CH logback-core Expression Language Injection vulnerability

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...

UBUNTU-CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS (Unauthenticated)

Exploit Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS Unauthenticated Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS Vendor: COMMAX Co., Ltd. Prodc...