13 matches found

CNNVD
added 3 days ago, 2 views

goclaw security vulnerabilities

Goclaw is an open-source multi-tenant AI smart agent platform developed by Next Level Builder. Goclaw versions 3.11.3 and earlier contain security vulnerabilities. These vulnerabilities stem from improper permission management in the handleSave function within the RoleAdmin Gateway component’s...

6.5 CVSS, 6.7 AI score, 0.00043 EPSS
Exploits: 0, References: 6
Cvelist
added 2026/03/20 3:37 a.m., 18 views

CVE-2026-4038 Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

9.8 CVSS, 0.00109 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-28685

Malicious code in bioql PyPI...

7.8 CVSS, 5.9 AI score, 0.00025 EPSS
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2024-31873

Malicious code in bioql PyPI...

7.2 CVSS, 7.1 AI score, 0.00176 EPSS
Exploits: 1, References: 2
OSV
added 2025/02/12 10:15 a.m., 0 views

CVE-2024-12296

The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'importpageoptions' function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, wit...

8.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
WPVulnDB
added 2023/09/18 12:00 a.m., 25 views

nuajik CDN <= 0.1.0 - Admin+ Stored XSS

Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...

5.9 CVSS, 5.6 AI score, 0.00083 EPSS
Exploits: 0
OSV
added 2023/09/01 10:15 a.m., 1 views

CVE-2023-24674

Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter...

7.8 CVSS, 5.8 AI score, 0.00025 EPSS
Exploits: 1, References: 2
NVD
added 2023/09/01 10:15 a.m., 9 views

CVE-2023-24674

Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter...

7.8 CVSS, 7.6 AI score, 0.00025 EPSS
Exploits: 1, References: 2
CNNVD
added 2023/09/01 12:00 a.m., 2 views

Bludit CMS Security Vulnerability

Bludit is an open source, lightweight blog content management system (CMS). A security vulnerability in Bludit CMS v.4.0.0 allows a local attacker to escalate privileges via the role:admin parameter...

7.8 CVSS, 6.9 AI score, 0.00025 EPSS
Exploits: 1, References: 3
GitHub Security Blog
added 2022/05/22 12:00 a.m., 25 views

Unescaped control characters in Gitblit

Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "admin"' value...

9.8 CVSS, 9 AI score, 0.0064 EPSS
Exploits: 1, References: 5, Affected Software: 1
Prion
added 2022/04/21 8:15 p.m., 9 views

SQL injection

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3...

7.5 CVSS, 9.7 AI score, 0.00264 EPSS
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2021/05/20 2:54 p.m., 5 views

CVE-2021-25931

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at...

7.1 AI score, 0.00219 EPSS
Exploits: 1, References: 3
NVD
added 2020/01/30 8:15 p.m., 9 views

CVE-2020-5228

Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public...

7.6 CVSS, 7.3 AI score, 0.00337 EPSS
Exploits: 0, References: 2