@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening

Summary Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional 0755 mode. Affected versions Versions 1.3.2 and below. Impact 1. Cache and...

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization via the list.json.php endpoint in the Permissions plugin. An attacker can retrieve the complete mapping of user groups to plugin permissions,...

WordPress plugin ExactMetrics – Google Analytics Dashboard for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

MAL-2025-3618 Malicious code in cordova-plugin-permissions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d38eb952cb4b2282aeba8c61e9dbc84411d23c74b33280842be8aff6aa0ff6a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in cordova-plugin-permissions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d38eb952cb4b2282aeba8c61e9dbc84411d23c74b33280842be8aff6aa0ff6a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-28207

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A plug-in may be able to inherit app permissions and access user data...

CVE-2025-24401

Jenkins Folder-based Authorization Strategy Plugin 217.vd5b18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted typically optional permissions, like Overall/Manage to access functionality they're no longer entitle...

GHSA-2549-XH72-QRPM Mattermost Improper Validation of Specified Type of Input vulnerability

Mattermost versions 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsolereadplugins permission via creating a post with the customplnotification type and specific props...

@mattie-bundle/mattie-strapi-bundle-example (>=1.0.0-alpha.0 <=1.0.0-alpha.3), sneakmax (=0.1.0) +3 more potentially affected by CVE-2023-38507 via @strapi/plugin-users-permissions (>=4.0.0-beta.0 <=4.11.2)

@strapi/plugin-users-permissions NPM version =4.0.0-beta.0, =1.0.0-alpha.0, =1.0.0-alpha.3 - sneakmax =0.1.0 - sneakmaxtesttemplate =0.1.0 - sneakmaxtesttemplatev2 =0.1.0 - sveltekit-strapi =0.1.0 Source cves: CVE-2023-38507 Source advisory: OSV:GHSA-24Q2-59HM-RH9R...

CVE-2023-28672

Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

CVE-2022-41233

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

CVE-2022-26693

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data...

CVE-2022-26693

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data...

CVE-2022-26694

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data...

CVE-2022-26694

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data...

CVE-2022-22650

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data...