28 matches found

Cvelist (added 6 days ago, 27 views)

CVE-2026-53811 OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Display Names in Matrix allowFrom

OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another...

CVSS 8.8 | EPSS 0.00309
Exploits: 0 | References: 2
CNNVD (added 6 days ago, 2 views)

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.7 contain security vulnerabilities. These vulnerabilities stem from a permission escalation issue in the Matrix allowFrom function, which allowed authenticated accounts to...

CVSS 8.8 | AI score 5.4 | EPSS 0.00309
Exploits: 0 | References: 1
CNNVD (added 2026/06/09 12:00 a.m., 4 views)

Dolibarr ERP CRM Security Vulnerability

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM prior to 23.0.2 contain security vulnerabilities. These vulnerabilities stem from unauthorized permissions granted to unknown functions in the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00209
Exploits: 0 | References: 1
RedhatCVE (added 2026/04/06 4:46 p.m., 2 views)

CVE-2026-34777

A flaw was found in Electron, a framework for building desktop applications. When an embedded iframe requests permissions, such as for fullscreen or media access, the framework incorrectly provides the origin of the main page instead of the requesting iframe's origin. This vulnerability allows a...

CVSS 5.4 | AI score 5.8 | EPSS 0.00122
Exploits: 0 | References: 4
EUVD (added 2026/03/05 8:22 p.m., 6 views)

EUVD-2026-9882

Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user could share a document with a permission that they themselves didn't have. This issue has been patched in versions 15.98.0 and 14.100.0...

CVSS 7.1 | AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 1
OSV (added 2025/12/11 10:33 p.m., 5 views)

CVE-2025-66451 LibreChat's Improper Input Validation in Prompt Creation API Enables Unauthorized Permission Changes

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups /api/prompts/groups/:groupId. However, the request bodies are not sufficiently validated for prop...

CVSS 5.3 | AI score 6.5 | EPSS 0.0028
Exploits: 1 | References: 4
EUVD (added 2025/10/07 12:30 a.m., 4 views)

EUVD-2005-4841

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.0101
Exploits: 0 | References: 3
EUVD (added 2025/10/07 12:30 a.m., 3 views)

EUVD-2021-26742

Malware in sbrugna...

CVSS 8.1 | AI score 8 | EPSS 0.00542
Exploits: 0 | References: 3
EUVD (added 2025/10/03 8:07 p.m., 4 views)

EUVD-2023-33263

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.8 | EPSS 0.00366
Exploits: 1 | References: 4
EUVD (added 2025/10/03 8:07 p.m., 3 views)

EUVD-2023-2253

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00557
Exploits: 0 | References: 3
EUVD (added 2025/10/03 8:07 p.m., 3 views)

EUVD-2022-30232

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.7 | EPSS 0.00807
Exploits: 1 | References: 2
EUVD (added 2025/10/03 8:07 p.m., 5 views)

EUVD-2025-14029

Malicious code in bioql PyPI...

CVSS 10 | AI score 6.5 | EPSS 0.00576
Exploits: 0 | References: 2
Veracode (added 2025/09/08 7:35 a.m., 4 views)

Authorization Bypass

github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability is due to improper enforcement of access control policies during execution of Check and ListObject calls in OpenFGA, which allows an attacker to bypass intended access control and gain unauthorized permissions...

CVSS 9.8 | AI score 6.9 | EPSS 0.00295
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE (added 2025/06/01 3:36 p.m., 14 views)

CVE-2024-7096

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...

CVSS 5.4 | AI score 6.8 | EPSS 0.00594
Exploits: 0 | References: 1
RedhatCVE (added 2025/05/22 9:44 p.m., 4 views)

CVE-2022-45801

Apache StreamPark 1.0.0 to 2.0.0 have an LDAP injection vulnerability. LDAP injection is an attack used to exploit web-based applications that construct LDAP statements from user input. When an application fails to properly sanitize user input, it is possible to modify LDAP statements through...

CVSS 5.4 | AI score 7.9 | EPSS 0.01103
Exploits: 0 | References: 1
RedhatCVE (added 2025/04/16 12:42 p.m., 20 views)

CVE-2025-30215

A flaw was found in NATS-SERVER. In affected versions of NATS-SERVER, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some JS API requests...

CVSS 9.6 | AI score 9.4 | EPSS 0.00529
Exploits: 0 | References: 5
Vulnrichment (added 2025/03/27 12:00 a.m., 8 views)

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

AI score 7.4 | EPSS 0.00253
Exploits: 1 | References: 2
GithubExploit (added 2025/03/20 6:17 a.m., 323 views)

Exploit for CVE-2024-32962

Poc-CVE-2024-32962-xml-crypto A simulation of an atta...

CVSS 10 | AI score 7 | EPSS 0.00833
Exploits: 1
Github Security Blog (added 2025/01/30 3:31 p.m., 10 views)

Duplicate Advisory: Wildfly Server Role Based Access Control (RBAC) provider has Improper Access Control

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-qr6x-62gq-4ccp. This link is maintained to preserve external references. Original Description: A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control...

CVSS 6.5 | AI score 6.5 | EPSS 0.00626
Exploits: 0 | References: 4 | Affected Software: 1
UbuntuCve (added 2024/02/20 2:15 p.m., 30 views)

CVE-2024-1550

A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects...

CVSS 6.1 | AI score 6.8 | EPSS 0.00575
Exploits: 0 | References: 10