Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through the system.run approval flow. An attacker can execute unauthorized or modified scripts by obtaining approval for a script execution...

GHSA-8G75-Q649-6PV6 OpenClaw's system.run approvals did not bind mutable script operands across approval and execution

OpenClaw's system.run approval flow did not bind mutable interpreter-style script operands across approval and execution. A caller could obtain approval for an execution such as sh ./script.sh, rewrite the approved script before execution, and then execute different content under the previously...

OpenClaw's system.run approvals did not bind mutable script operands across approval and execution

OpenClaw's system.run approval flow did not bind mutable interpreter-style script operands across approval and execution. A caller could obtain approval for an execution such as sh ./script.sh, rewrite the approved script before execution, and then execute different content under the previously...

ImageMagick: MSL - Stack overflow in ProcessMSLScript

Summary Magick fails to check for circular references between two MSLs, leading to a stack overflow. Details After reading a.msl using magick, the following is displayed: MSLStartElement - ReadImage - ReadMSLImage - ProcessMSLScript - xmlParseChunk - xmlParseTryOrFinish - MSLStartElement bash...

GHSA-8MPR-6XR2-CHHC ImageMagick: MSL - Stack overflow in ProcessMSLScript

Summary Magick fails to check for circular references between two MSLs, leading to a stack overflow. Details After reading a.msl using magick, the following is displayed: MSLStartElement - ReadImage - ReadMSLImage - ProcessMSLScript - xmlParseChunk - xmlParseTryOrFinish - MSLStartElement bash...

GHSA-HVWJ-8W5G-28RG SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization

SGLangs replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...

CVE-2026-3989

SGLangs’ replay_request_dump.py is affected by CVE-2026-3989 due to an insecure pickle.load() without validation in the deserialization process. The vulnerability arises when a malicious .pkl file is provided, allowing attacker-controlled code execution on the device running the script. The descr...

CVE-2026-4013 SourceCodester Web-based Pharmacy Product Management System add_admin.php improper authorization

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file addadmin.php. Such manipulation leads to improper authorization. The attack may be launched remotely...

Vulnerabilities fixed in Adobe Experience Manager

Adobe has fixed vulnerabilities in Adobe Experience Manager versions 6.5.23 and earlier. The vulnerability is in the way input in form fields is sanitized. This allows attackers to insert malicious JavaScript code. When other users open the affected content, the injected scripts are executed in...

CVE-2026-2687 Reading progressbar < 1.3.1 - Admin+ Stored XSS

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2026-3968 AutohomeCorp frostmourne Oracle Nashorn JavaScript ExpressionRule.java scriptEngine.eval code injection

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

CVE-2026-3968 AutohomeCorp frostmourne Oracle Nashorn JavaScript ExpressionRule.java scriptEngine.eval code injection

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

Automatic Attack Script Generation: A MDA Approach

It is widely recognized that practical exercises are crucial for teaching cybersecurity in higher education. However, their setup is not only expensive, time-consuming, and prone to numerous errors, but also requires technical and programming skills to create attack contexts and scripts. To...

Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞

Jettweb PHP Preconfigured News Sites Script is a content management system developed by the Turkish company Jettweb. Version V1 of the Jettweb PHP Preconfigured News Sites Script has a SQL injection vulnerability. This vulnerability stems from the cid parameter, which allows for SQL injections. I...

Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞

Jettweb PHP Ready-made News Sites Script is a content management system developed by the Turkish company Jettweb. The Jettweb PHP Ready-made News Sites Script V3 version has a SQL injection vulnerability. This vulnerability stems from the kelime parameter, which allows for SQL injections. It coul...

PT-2026-24974

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data...

Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞

Jettweb PHP Ready-made News Sites Script is a content management system provided by the Turkish company Jettweb. Version V3 of the Jettweb PHP Ready-made News Sites Script has a SQL injection vulnerability. This vulnerability stems from the videoid parameters, which may allow unauthenticated...

FeMiner wms SQL注入漏洞

FeMiner wms is a repository management system developed by FeMiner’s individual developers in China. Versions of FeMiner wms prior to version 1.0 contained an SQL injection vulnerability. This vulnerability stemmed from incorrect handling of parameters named “Name” in the file...

Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞

Jettweb PHP Ready-made News Sites Script is a content management system provided by the Turkish company Jettweb. Version V1 of the Jettweb PHP Ready-made News Sites Script has a SQL injection vulnerability. This vulnerability stems from the galleryid parameter, which allows for SQL injections. It...

Jettweb Php Hazir Ilan Sitesi Scripti SQL注入漏洞

Jettweb Php Hazir Ilan Sitesi Scripti is a content management system developed by the Turkish company Jettweb. The Jettweb Php Hazir Ilan Sitesi Scripti has a SQL injection vulnerability, which stems from the kat parameter being susceptible to SQL injections. This vulnerability could allow...