3 matches found
CVE-2026-53962
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, insufficient SVG sanitization in upload and user avatar handling could lead to cross-site scripting when a user visited specific URLs that are not normally part of community browsing. This issue ...
CVE-2026-28456 OpenClaw 2026.1.5 < 2026.2.14 - Arbitrary Code Execution via Unsafe Hook Module Path Handling
OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import, allowing code execution. An attacker with gateway configuration modification access can load and...
SQL Injection
Overview parsl is a Simple data dependent workflows in Python Affected versions of this package are vulnerable to SQL Injection via the workflowid parameter in the visualization dashboard routes. An attacker can execute arbitrary SQL commands by injecting malicious input into the URL, which is th...