2004 matches found
EUVD-2026-18140
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection...
CVE-2026-0634 Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection...
CVE-2026-0634
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection...
CVE-2026-0634
CVE-2026-0634 affects TECNO Pova7 Pro 5G on Android. The vulnerability resides in the AssistFeedbackService, where a command injection allows local apps to execute arbitrary code with system privileges. Impact is local code execution with system-level access. The provided documents do not specify...
Scoold security vulnerability
Scoold is a team-based Q&A and knowledge-sharing platform developed by Erudika. Versions of Scoold prior to 1.66.1 contained security vulnerabilities. These vulnerabilities stemmed from an authorization flaw in the feedback deletion function after authentication, which could allow users with low...
PT-2026-29878
Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/id/delete. The...
RuleForge: Automated Generation and Validation for Web Vulnerability Detection at Scale
Security teams face a challenge: the volume of newly disclosed Common Vulnerabilities and Exposures (CVEs) far exceeds the capacity to manually develop detection mechanisms. In 2025, the National Vulnerability Database published over 48,000 new vulnerabilities, motivating the need for automation. W...
PT-2026-29698
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection...
AutoEG: Exploiting Known Third-Party Vulnerabilities in Black-Box Web Applications
Large-scale web applications are widely deployed with complex third-party components, inheriting security risks arising from component vulnerabilities. Security assessment is therefore required to determine whether such known vulnerabilities remain practically exploitable in real applications...
Asking AI for personal advice is a bad idea, Stanford study shows
Stanford computer scientists just proved what therapists already suspected: AI chatbots will agree with almost anything you say to keep you happy. The researchers caught these systems validating dangerous decisions just to maintain user engagement. That's a worrying development, especially given...
OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback
Summary MS Teams Feedback Invoke Bypasses Sender Allowlists and Records Unauthorized Session Feedback Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Microso...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the feedback invocation process. An attacker can record unauthorized session feedback or trigger feedback reflection by bypassing sender allowlist checks...
Incorrect Authorization
Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the feedback invocation process. An attacker can record unauthorized session feedback or trigger feedback reflection by bypassing sender allowlis...
GHSA-RF6H-5GPW-QRGQ OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback
Summary MS Teams Feedback Invoke Bypasses Sender Allowlists and Records Unauthorized Session Feedback Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Microso...
Team Mirai and Democracy
Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai, illustrate the viability of a different way to do politics. In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to...
WordPress User Feedback plugin <= 1.10.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin User Feedback versions <= 1.10.1...
WordPress Gutena Forms plugin < 1.6.1 - Contributor+ Arbitrary Limited Options Update vulnerability
Contributor+ Arbitrary Limited Options Update vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder versions < 1.6.1...
CVE-2026-27684
SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. A...
EUVD-2026-10454
SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. A...
EUVD-2026-10455
SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. A...