CVE-2019-25568
Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with...
CVE-2026-3506
The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...
EUVD-2026-13955
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...
GHSA-FFR4-MRHV-VFR2 Duplicate Advisory: OpenClaw has browser trace/download path symlink escape in temp output handling
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36h3-7c54-j27r. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output...
CVE-2026-3645
The CVE describes a concrete vulnerability in the Punnel – Landing Page Builder WordPress plugin (up to version 1.3.1). The save_config() function handling the punnel_save_config AJAX action lacks any capability check (no current_user_can()) and nonce verification, allowing authenticated attacker...
CVE-2026-3506
WP-Chatbot for Messenger plugin for WordPress (up to version 4.9) suffers an authorization bypass due to improper verification of user permissions, enabling unauthenticated attackers to overwrite the site’s MobileMonkey API token and company ID options. This can hijack chatbot configuration and ...
CVE-2026-32054
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...
CVE-2026-32054
OpenClaw versions prior to 2026.2.25 are affected by a symlink traversal vulnerability in browser trace and download output path handling, allowing a local attacker to escape the managed temp root and overwrite files outside the intended directory. The issue stems from how symlinks are resolved w...
CVE-2026-32054 OpenClaw < 2026.2.25 - Symlink Traversal in Browser Trace/Download Path Handling
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...
PT-2026-26857
The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...
PT-2026-26914
RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string with 268 bytes of...
PT-2026-26736
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...
PT-2026-26864
The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The save_config function, which handles the 'punnel_save_config' AJAX action, lacks any capability check (current_user_can) and nonce verification. This makes i...
OpenClaw link following vulnerability
OpenClaw is an open-source AI assistant from OpenClaw. OpenClaw has a link following vulnerability that an attacker can exploit to cause arbitrary file overwrites...
DEBIAN-CVE-2026-33236
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...