2 matches found
OpenClaw OS Command Injection Vulnerability (CNVD-2026-13373)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability that stems from the failure of maintainer/developer scripts/update-clawtributors.ts to properly filter construct command special characters, commands...
CVE-2025-13678
The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the thailottery shortcode in all versions up to, and including, 2.5. This is due to insufficient input sanitization and output escaping on the user supplied width and height shortcode attributes. This...