366180 matches found

CVE, added 2026/06/13 2:29 a.m., 23 views

CVE-2026-12089

The vulnerability CVE-2026-12089 affects the WordPress plugin “LWS Optimize – All-in-One Speed Booster & Cache Tools” up to version 3.3.19. The root cause is in the combine_current_css() function, which trusts href values harvested from page HTML and converts same-site URLs to absolute filesyste...

CVSS: 4.9 | AI score: 5.5 | EPSS: 0.00336
Exploits: 0 | References: 3

CVE, added 2026/06/13 1:13 a.m., 18 views

CVE-2026-49452

Technical details for CVE-2026-49452 are not publicly available in the provided documents. Monitor for updates.

Exploits: 0

CVE, added 2026/06/13 12:0 a.m., 12 views

CVE-2026-49853

Technical details for CVE-2026-49853 are not publicly available in the provided documents. The connected entries describe fixes for a different PT security issue in openSUSE Tumbleweed. Monitor for updates and new disclosures.

EPSS: 0.00034
Exploits: 0

CVE, added 2026/06/13 12:0 a.m., 13 views

CVE-2026-49855

Technical details about CVE-2026-49855 are not publicly available in the provided documents. No affected product, impact, or remediation information is described. Please monitor for updates as information may be released later.

EPSS: 0.00052
Exploits: 0

CVE, added 2026/06/12 11:4 p.m., 30 views

CVE-2026-11443

CVE-2026-11443 affects Allegra via the downloadAttachment method, where insufficient validation of user-supplied data enables cross-site scripting and an authentication bypass. This allows remote attackers to execute arbitrary script in the context of the current user after visiting a malicious p...

CVSS: 4.6 | AI score: 5.3 | EPSS: 0.00225
Exploits: 0 | References: 2

CVE, added 2026/06/12 11:4 p.m., 23 views

CVE-2026-11442

CVE-2026-11442 affects Allegra, via the exportReport method. The vulnerability arises from inadequate validation of a user-supplied path used in file operations, enabling an attacker to disclose sensitive information with the service account’s context. The CVE notes a directory traversal and info...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01254
Exploits: 0 | References: 2

CVE, added 2026/06/12 10:19 p.m., 40 views

CVE-2026-12068

CVE-2026-12068 describes an information disclosure in Avira Password Manager when used with Mozilla Firefox across Windows, macOS, and Linux. A remote attacker in a cross-origin iframe can cause incorrect autofill field selection to reveal credentials autofilled on the parent page. Affected compo...

CVSS: 7.4 | AI score: 5.4 | EPSS: 0.00263
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:16 p.m., 19 views

CVE-2026-6676

CVE-2026-6676 is a heap-based out-of-bounds write in Avira Antivirus engine when scanning a malformed POSIX tar archive. Affects Windows, macOS, and Linux engine builds prior to 8.3.27.12. It may enable local code execution or cause a denial-of-service of the antivirus engine process. The descrip...

CVSS: 7.8 | AI score: 5.6 | EPSS: 0.00122
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:16 p.m., 17 views

CVE-2025-14098

Avira Antivirus engine heap buffer out-of-bounds write (integer overflow) when scanning a malformed MS-DOS executable file. Affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.104. Impact: local code execution or denial-of-service of the antivirus engine process. ...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00122
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:15 p.m., 18 views

CVE-2025-9033

The CVE-2025-9033 issue affects Avira Antivirus engine on Windows, macOS, and Linux for engine builds before 8.3.70.76. It is a heap buffer out-of-bounds read in the scanner when processing a malformed PDF, variant 3, which may allow Local Execution of Code or Denial-of-Service of the antivirus e...

CVSS: 7.8 | AI score: 5.6 | EPSS: 0.00122
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:14 p.m., 16 views

CVE-2025-9032

CVE-2025-9032 is a heap buffer out-of-bounds read vulnerability in the Avira Antivirus engine when scanning a malformed Windows PE file. Affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.98. The issue can lead to Local Execution of Code or Denial-of-Service of t...

CVSS: 7.8 | AI score: 5.6 | EPSS: 0.00122
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:14 p.m., 16 views

CVE-2025-7019

CVE-2025-7019 describes a stack overflow in Avast/Gen Digital antivirus scanning of malformed Office Open XML files, causing Denial-of-Service of the antivirus process. Affected products include Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows/m...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00113
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:13 p.m., 14 views

CVE-2025-7018

CVE-2025-7018 is a null pointer dereference in Avira Antivirus engine when scanning malformed Windows PE files, potentially causing Denial-of-Service of the antivirus engine process. Affected product: Avira Antivirus across Windows, macOS, and Linux, with vulnerable engine builds prior to 8.3.70....

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.00111
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:13 p.m., 15 views

CVE-2025-7017

Affected product: Avira Antivirus engine. Vulnerability: heap buffer out-of-bounds read when scanning a malformed Windows MSI file. Root cause: out-of-bounds heap read in the engine (details not provided beyond the description). Impact: local code execution or denial-of-service of the antivirus e...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00131
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:12 p.m., 14 views

CVE-2025-7011

CVE-2025-7011 describes a heap out-of-bounds read in the Avast Gen Digital antivirus engine when processing a malformed ZIP containing XML, potentially enabling local code execution or antivirus process denial-of-service. Affected products include Avast Antivirus, AVG Antivirus, Norton Antiv...

CVSS: 7.8 | AI score: 5.5 | EPSS: 0.00146
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:11 p.m., 15 views

CVE-2025-7010

CVE-2025-7010 describes a stack overflow vulnerability (uncontrolled recursion) in Avast’s scanning engine when processing a malformed PDF, leading to Denial‑of‑Service of the antivirus process. Affected products include Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Busin...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00113
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:10 p.m., 16 views

CVE-2025-7009

The CVE-2025-7009 issue is a heap buffer out-of-bounds read in the Avast/Gen Digital scanning engine when processing malformed Windows PE files. Affected products include Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux, for vi...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00146
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:9 p.m., 17 views

CVE-2025-7008

CVE-2025-7008 describes a heap buffer out-of-bounds read in Gen Digital antivirus engines (Avast Antivirus, AVG, Norton, Avast One/Business) when scanning malformed Windows PE files containing .NET metadata. Root cause: heap OOB read in the scanning logic when processing such PE files; impact in...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00146
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:8 p.m., 14 views

CVE-2025-7006

CVE-2025-7006 describes a use-after-free in Avast Gen Digital antivirus scanning logic when processing malformed Windows PE files, causing denial-of-service to the antivirus process. Affected products include Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antiviru...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00111
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:7 p.m., 18 views

CVE-2025-7005

CVE-2025-7005 describes an uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file, potentially causing denial-of-service of the antivirus process. Affected products include Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business A...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00111
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:4 p.m., 15 views

CVE-2025-7004

CVE-2025-7004 describes a heap buffer out-of-bounds write in Avast/Gen Digital antivirus products when scanning a malformed Windows PE file, potentially allowing Local Execution of Code or Denial-of-Service of the antivirus process. Affected products include Avast Antivirus, AVG Antivirus, Norton...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00146
Exploits: 0 | References: 1

CVE, added 2026/06/12 10:2 p.m., 20 views

CVE-2025-7003

CVE-2025-7003 describes a heap buffer out-of-bounds read in the Avira Antivirus engine when scanning malformed PDF files, potentially enabling local code execution or denial-of-service. Affected: Avira Antivirus engine on Windows, macOS, and Linux for builds prior to 8.3.70.56. Exploitation detai...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00131
Exploits: 0 | References: 1

CVE, added 2026/06/12 9:59 p.m., 13 views

CVE-2025-7002

CVE-2025-7002 is a heap buffer out-of-bounds read vulnerability in the Avira Antivirus engine when scanning a malformed PDF, potentially allowing local code execution or crashing the antivirus process. Affected products are Avira Antivirus engines on Windows, macOS, and Linux with builds prior to...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00131
Exploits: 0 | References: 1

CVE, added 2026/06/12 9:57 p.m., 15 views

CVE-2026-41158

Summary of CVE-2026-41158: The vulnerability concerns GPU DDK where backed sparse PMRs are not handled by the deferred free mechanism after shrink, allowing a non-privileged user to perform GPU system calls that write to arbitrarily freed physical pages. The root cause is that physical memory all...

CVSS: 7.8 | AI score: 5.3 | EPSS: 0.00118
Exploits: 0 | References: 1

CVE, added 2026/06/12 9:57 p.m., 18 views

CVE-2026-53868

Capgo before 12.128.2 contains a denial-of-service vulnerability where attackers can register accounts with arbitrary, unverified emails and then delete them, causing pending deletions that lock legitimate users out for up to 30 days. Root cause: unverified email ownership in account lifecycle op...

CVSS: 8.7 | AI score: 5.5 | EPSS: 0.00258
Exploits: 0 | References: 2

CVE, added 2026/06/12 9:57 p.m., 15 views

CVE-2026-53867

Capgo before 12.128.2 does not delete previously uploaded profile images, leaving orphaned files accessible via previously generated URLs, enabling unauthorized retrieval of user-uploaded content. This affects Capgo's backend storage handling when users replace or remove images. The CVE notes MED...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00183
Exploits: 0 | References: 2

CVE, added 2026/06/12 9:57 p.m., 28 views

CVE-2026-53838

OpenClaw is affected by a state mutation vulnerability in node pairing reconnection prior to version 2026.5.27. The issue lets paired nodes confuse approval scope decisions by manipulating reconnection logic, potentially restoring or presenting broader node authority than intended and bypassing a...

CVSS: 9.8 | AI score: 5.3 | EPSS: 0.00221
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:57 p.m., 15 views

CVE-2026-53839

OpenClaw before 2026.5.7 has a hostname validation flaw in the retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. This can enable an attacker to craft a hostname prefix that resembles a trusted host, potentially causing authentication material to be sent to u...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.00265
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:57 p.m., 16 views

CVE-2026-53837

CVE-2026-53837 affects OpenClaw prior to 2026.5.6, where an improper access control vulnerability in Mattermost event handlers fails to validate channel type metadata. Attackers can bypass DM policy decisions by sending crafted Mattermost events that omit channel type information, enabling proces...

CVSS: 6.3 | AI score: 5.3 | EPSS: 0.00189
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 34 views

CVE-2026-53836

OpenClaw is affected by an allowlist bypass in PowerShell encoded-command handling prior to 2026.5.12. The vulnerability lets remote authenticated operators bypass the execution allowlist by using abbreviated or unrecognized encoded-command alias forms to run arbitrary PowerShell content. This ca...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.00451
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 15 views

CVE-2026-53835

OpenClaw (pre-2026.5.6) contains a configuration enforcement bypass in Feishu dynamic-agent bindings. The flaw allows authenticated senders to create or update bindings without honoring configured config-write controls, enabling changes to sender-agent binding state beyond policy. Affected compon...

CVSS: 4.3 | AI score: 5.3 | EPSS: 0.00166
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 24 views

CVE-2026-53834

OpenClaw before 2026.4.27 contains an authorization bypass in QQBot pre-dispatch slash commands that allows authenticated senders to bypass allowFrom policy checks. Attackers can invoke slash commands before access control policies are applied, potentially triggering command handling f...

CVSS: 8.2 | AI score: 5.4 | EPSS: 0.00192
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 15 views

CVE-2026-53833

OpenClaw before 2026.4.29 contains an authorization bypass in the QQBot streaming command that lets authenticated senders mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside the intended admin policy by accessing the affected co...

CVSS: 7.7 | AI score: 5.3 | EPSS: 0.00172
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 16 views

CVE-2026-53832

CVE-2026-53832 affects OpenClaw prior to 2026.5.18. The issue is an identity header validation flaw that lets local, same-host callers forge trusted-proxy identity headers, enabling them to assume operator identity and potentially escalate privileges when they have access to the proxy-facing Gate...

CVSS: 7.7 | AI score: 5.3 | EPSS: 0.00102
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 16 views

CVE-2026-53831

OpenClaw

CVSS: 8.3 | AI score: 5.3 | EPSS: 0.00191
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 16 views

CVE-2026-53830

OpenClaw prior to 2026.4.22 is affected by a webhook secret revocation bypass. The vulnerability lets callers with old Slack/Zalo webhook secrets remain active after secrets.reload, enabling delivery of webhook events during the stale-secret window and potentially accepting previous credentials. ...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.00207
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 20 views

CVE-2026-53829

OpenClaw prior to 2026.5.18 is affected by an approval display truncation vulnerability. Authenticated users can hide command suffixes from approvers by submitting oversized exec commands with benign prefixes and malicious suffixes, potentially enabling unauthorized operations after approval. CVS...

CVSS: 8.5 | AI score: 5.6 | EPSS: 0.00232
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 16 views

CVE-2026-53828

OpenClaw before 2026.5.6 contains an authorization bypass in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers can trigger native command handling to bypass the configured owner-command access control, potentially...

CVSS: 8.8 | AI score: 5.6 | EPSS: 0.00267
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 17 views

CVE-2026-53827

OpenClaw is affected by CVE-2026-53827: before version 2026.5.2, a credential exposure vulnerability exists in message.action forwarding. The issue allows model-controlled metadata to forward action payloads containing Gateway credentials to attacker-supplied loopback URLs, enabling remote attack...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.00254
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 22 views

CVE-2026-53826

OpenClaw is affected by an information-disclosure vulnerability in sandboxed session spawning affecting versions prior to 2026.4.26. The issue allows a sandboxed parent to reveal the real workspace path to child prompts, potentially exposing host workspace location or related memory context to ch...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.00187
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 13 views

CVE-2026-53825

OpenClaw prior to 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature. Authenticated Gateway operators with operator.write scope can specify arbitrary local file paths to import content into wiki memory, bypassing access restrictions and reading local files ou...

CVSS: 7.1 | AI score: 5.4 | EPSS: 0.00375
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 25 views

CVE-2026-53824

Mattermost/OpenClaw before 2026.4.24 contains a token revocation lag vulnerability where revoked slash tokens can still execute commands briefly during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior after revocation, potentially enabling una...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.00181
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 22 views

CVE-2026-53823

OpenClaw is affected by a privilege-escalation vulnerability in the allowFrom feature, where binding to mutable Slack display names enables an attacker with Slack account access to alter display name metadata to match policy entries and gain unauthorized agent access intended for other identities...

CVSS: 8.6 | AI score: 5.3 | EPSS: 0.00209
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 26 views

CVE-2026-53822

OpenClaw before 2026.5.18 contains a command injection vulnerability in which the shell wrapper argv can change between approval and execution. This allows an attacker to rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security contro...

CVSS: 8.8 | AI score: 5.6 | EPSS: 0.00982
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 21 views

CVE-2026-53821

OpenClaw is affected: prior to 2026.5.18, WebSocket control UI accepts client-declared operator scopes before server-approved pairing/trusted-proxy binding. This enables unpaired/restricted trusted-proxy Control UI clients to obtain cached operator.admin authority on live WebSocket connections an...

CVSS: 8.8 | AI score: 5.5 | EPSS: 0.00289
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:56 p.m., 16 views

CVE-2026-53820

OpenClaw contains an exec denylist bypass in the bundle MCP loopback session-spawn path prior to version 2026.5.12. This allows authenticated callers to bypass command restrictions and initiate sessions with broader command reach than intended. Affected component: bundle MCP session-spawn; root c...

CVSS: 6.9 | AI score: 5.3 | EPSS: 0.00094
Exploits: 0 | References: 2 | Affected Software: 1

CVE, added 2026/06/12 9:53 p.m., 11 views

CVE-2026-41157

The CVE-2026-41157 entry concerns Imagination Graphics DDK with an OOB write in the GPU driver when processing WebGPU content in the GLES render path. The root cause is an integer overflow while computing a required memory size from untrusted input, which can yield a value smaller than needed; su...

CVSS: 9.8 | AI score: 5.5 | EPSS: 0.00358
Exploits: 0 | References: 1

CVE, added 2026/06/12 9:48 p.m., 10 views

CVE-2026-41155

The CVE-2026-41155 entry describes a vulnerability in GPU DDK where shared secure memory allocations are mapped into all GPU virtual address spaces, enabling cooperative data transfer between secure GPU processes and potential disruption of others, causing image corruption or GPU hardware recover...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00106
Exploits: 0 | References: 1

CVE, added 2026/06/12 9:43 p.m., 16 views

CVE-2026-34195

Summary: CVE-2026-34195 describes a GPU DDK kernel heap OOB write caused by incorrect indexing of internal state during sparse allocation remapping, specifically involving PMRChangeSparseMemOSMem and physical page translation from virtual page indexes. This is triggered by non-privileged user act...

CVSS: 8.8 | AI score: 5.3 | EPSS: 0.00328
Exploits: 0 | References: 1

CVE, added 2026/06/12 9:15 p.m., 15 views

CVE-2026-12131

CVE-2026-12131 affects CodeAstro Human Resource Management System 1.0, specifically the Payroll Invoice Module. The vulnerability exists in the Invoice function of the file \application\controllers\Payroll.php, where manipulation of the argument ID leads to SQL injection. Exploitation is possible...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.0025
Exploits: 0 | References: 6

Total number of security vulnerabilities: 366180