17 matches found
CVE-2026-26320 OpenClaw macOS deep link confirmation truncation can conceal executed agent message
OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full...
PT-2026-20950
Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.2.6 through 2026.2.13 Description: The OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links lacking an unattended key, the application displays a confirmation dialog...
EUVD-2014-4283
Malware in sbrugna...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components...
CVE-2024-24276
Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components...
Grouptime Teamwire Client Security Vulnerability
Grouptime Teamwire Client is an enterprise messaging client application from Grouptime Germany. A security vulnerability exists in Grouptime Teamwire Client versions v.2.0.1 through v.2.4.0. A remote attacker could exploit the vulnerability to obtain sensitive information via a specially crafted...
CVE-2024-24276
Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components...
PT-2024-20334 · Teamwire · Teamwire Windows Desktop Client
Name of the Vulnerable Software and Affected Versions: Teamwire Windows desktop client versions 2.0.1 through 2.4.0 Description: A Cross Site Scripting (XSS) issue allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username, and group...
PT-2023-17237 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows an attacker to request a preview of an existing message when creating a new message via the "createPost API call", disclosing the contents of the linked message...
Mail.ru: touch.mail.ru/messages - Stored XSS
XSS in touch.mail.ru image preview feature via crafted attachment filename...
SQL injection vulnerability in the zdbh parameter in the Bulletin/Msg_Preview.aspx page of the informatization management system of Guangzhou Zhongda Dongri Education Technology Co.
The education information management system of Guangzhou Zhongda Dongri Education Technology Co., Ltd. provides an integrated campus information solution. A SQL injection vulnerability exists in the Informatization Management System of Guangzhou Zhongda Dongri Education Technology Co. The lack o...
CVE-2014-4356
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen...
Code injection
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen...
CVE-2014-4356
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen...
Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS
Exploit for php platform in category web applications. A low-privilege or guest user can inject code via the , and elements which are part of the wpfhuploadform form in http://site/obituaries/?id=ID&f=guestbook&m=add Scripts injected via the "photo-message" and "youtube-message" elements will be...
Heap overflow
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview...
thunderbird/seamonkey: MIME External-Body Heap Overflow Vulnerability
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview...