601 matches found
CVE-2025-53222 WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through = 1.7.3...
PT-2026-26267
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through 1.7.3...
WordPress plugin tagDiv Opt-In Builder 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
GHSA-VM69-H85X-8P85 SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass)
Summary The IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded GHSA-h5vh-m7fg-w5h6, commit 9914fd1 but remains incomplete. Multiple security-relevant Linux directories are not blocked, including /opt application data, /usr local configs/binaries,...
SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass)
Summary The IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded GHSA-h5vh-m7fg-w5h6, commit 9914fd1 but remains incomplete. Multiple security-relevant Linux directories are not blocked, including /opt application data, /usr local configs/binaries,...
CVE-2026-22217
OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variabl...
WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin tagDiv Opt-In Builder versions = 1.7.3...
GHSA-3CVX-236H-M9FJ OpenClaw has an opt-in insecure Control UI auth over plaintext HTTP could allow privileged access
Description In affected releases, when an operator explicitly enabled gateway.controlUi.allowInsecureAuth: true and exposed the gateway over plaintext HTTP, Control UI authentication could permit privileged operator access without the intended device identity + pairing guarantees. This required a...
OpenClaw: Chrome --no-sandbox disabled OS-level browser sandbox in sandbox browser container
Summary Sandbox browser container launched Chromium with --no-sandbox by default, disabling Chromium's OS-level sandbox protections. Affected Packages / Versions - Package: openclaw npm ecosystem - Latest published npm version at triage time 2026-02-21: 2026.2.19-2 - Affected range: = 2026.2.19-2...
Data Broker Breaches Fueled Nearly $21 Billion in Identity-Theft Losses
A report copublished by WIRED sparked a probe into opt-out pages hidden by data brokers. Now congressional Democrats say breaches tied to the industry have cost people tens of billions of dollars...
Malicious code in flycord (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b2071af47a4b327550f5614253b291b893e0741e6f2ebe3b4378a4794696d211 When the user uses the provided library, this package silently reports basic information and the result of the user's action to a hardcoded, obfuscated URL...
MAL-2026-1049 Malicious code in flycord (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b2071af47a4b327550f5614253b291b893e0741e6f2ebe3b4378a4794696d211 When the user uses the provided library, this package silently reports basic information and the result of the user's action to a hardcoded, obfuscated URL...
MAL-2026-983 Malicious code in tensorflow-opt (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c2197ee3bfb727ff46f407a50a515013ad05c423bfe202eea90eb6b593f08b14 Package is likely a dependency confusion against some legitimate extension packages for TensorFlow but contains just cryptominers. When calling the "start"...
PT-2026-20863
Name of the Vulnerable Software and Affected Versions CDATA FD614GS3-R850 version 3.2.7 P161006 Build.0333.250211 Description A buffer overflow issue exists in CDATA FD614GS3-R850 version 3.2.7 P161006 Build.0333.250211. This flaw allows an attacker to potentially execute arbitrary code by...
Fedora 42 : bind / bind-dyndb-ldap (2026-34c921d252)
The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-34c921d252 advisory. Update to 9.18.44 rhbz2431609 Security Fixes: - Fix incorrect length checks for BRID and HHIT records. CVE-2025-13878 Bug Fixes: - Allow glue in delegations...
WordPress Keap Official Opt-in Forms plugin < 1.0.12 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by MINGYOUNG BAN in WordPress Plugin Keap Official Opt-in Forms versions 1.0.12...
SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2026:0348-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0348-1 advisory. Upgrade to release 9.20.18: - CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records bsc1256997 Featur...
Fedora 43 : bind / bind-dyndb-ldap (2026-567ff6c687)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-567ff6c687 advisory. Update to 9.18.44 rhbz2431609 Security Fixes: - Fix incorrect length checks for BRID and HHIT records. CVE-2025-13878 Bug Fixes: - Allow glue in delegations...
SUSE-SU-2026:20135-1 Security update for bind
This update for bind fixes the following issues: Upgrade to release 9.20.18: - CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records bsc1256997 Feature Changes: Add more information to the rndc recursing output about fetches. Reduce the number of outgoing queries. Provide more...
Fedora 44 : bind / bind-dyndb-ldap (2026-925e7cce85)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-925e7cce85 advisory. Update to 9.18.44 rhbz2431609 Security Fixes: - Fix incorrect length checks for BRID and HHIT records. CVE-2025-13878 Bug Fixes: - Allow glue in delegations...