
46541 matches found

Patchstack
added 2026/06/18 8:44 p.m., 4 views

NPM: OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state

NPM: OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.24...

CVSS 6.5 | AI score 5.8 | EPSS 0.00245
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:42 p.m., 5 views

NPM: OpenClaw: Empty-scope device re-pairing could confuse caller scope containment

NPM: OpenClaw: Empty-scope device re-pairing could confuse caller scope containment vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.24...

CVSS 5.4 | AI score 5.8 | EPSS 0.00206
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:41 p.m., 5 views

NPM: OpenClaw: Workspace-derived service PATH could influence trash command selection

NPM: OpenClaw: Workspace-derived service PATH could influence trash command selection vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.2...

CVSS 7.2 | AI score 5.8 | EPSS 0.00119
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:39 p.m., 5 views

NPM: OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots

NPM: OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.2...

CVSS 7.1 | AI score 5.8 | EPSS 0.00124
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:36 p.m., 4 views

NPM: OpenClaw: Discord allowFrom could bind to mutable display names

NPM: OpenClaw: Discord allowFrom could bind to mutable display names vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.6...

CVSS 8.6 | AI score 5.8 | EPSS 0.00267
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:34 p.m., 5 views

NPM: OpenClaw: Focus command could miss controlScope enforcement

NPM: OpenClaw: Focus command could miss controlScope enforcement vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.24...

CVSS 6.8 | AI score 5.8 | EPSS 0.00093
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:33 p.m., 5 views

NPM: OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install

NPM: OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.29...

CVSS 7.1 | AI score 5.8 | EPSS 0.00118
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:33 p.m., 5 views

NPM: OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns

NPM: OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.12...

CVSS 8.3 | AI score 5.8 | EPSS 0.00347
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:32 p.m., 5 views

NPM: OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers

NPM: OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.6...

CVSS 5.4 | AI score 5.8 | EPSS 0.00171
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:31 p.m., 5 views

NPM: OpenClaw: memory-wiki shared search could miss session visibility checks

NPM: OpenClaw: memory-wiki shared search could miss session visibility checks vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.27...

CVSS 6.5 | AI score 5.8 | EPSS 0.0021
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:29 p.m., 4 views

NPM: OpenClaw: Config recovery could restore openclaw.json with broad file permissions

NPM: OpenClaw: Config recovery could restore openclaw.json with broad file permissions vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.23...

CVSS 5.7 | AI score 5.8 | EPSS 0.00094
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:17 p.m., 4 views

NPM: OpenClaw: Zalo allowFrom could bind to mutable display names

NPM: OpenClaw: Zalo allowFrom could bind to mutable display names vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.2...

CVSS 8.6 | AI score 5.8 | EPSS 0.00225
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:16 p.m., 4 views

NPM: OpenClaw: Skill-command dispatch could skip before-tool-call hooks

NPM: OpenClaw: Skill-command dispatch could skip before-tool-call hooks vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.5...

CVSS 4.3 | AI score 5.8 | EPSS 0.00185
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:15 p.m., 4 views

NPM: OpenClaw: Active Memory write scope could mutate global config

NPM: OpenClaw: Active Memory write scope could mutate global config vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.5...

CVSS 5.4 | AI score 5.8 | EPSS 0.00176
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:14 p.m., 4 views

NPM: OpenClaw: Exported session HTML could keep unsafe markdown links

NPM: OpenClaw: Exported session HTML could keep unsafe markdown links vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.7...

CVSS 6.1 | AI score 5.8 | EPSS 0.00188
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:13 p.m., 4 views

NPM: OpenClaw: Slack reaction events could ignore reaction notification settings

NPM: OpenClaw: Slack reaction events could ignore reaction notification settings vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.7...

CVSS 6.3 | AI score 5.8 | EPSS 0.00191
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:12 p.m., 4 views

NPM: OpenClaw: Bootstrap token replay could widen pending pairing scopes

NPM: OpenClaw: Bootstrap token replay could widen pending pairing scopes vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.10-beta.2...

CVSS 5.4 | AI score 5.8 | EPSS 0.00088
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:12 p.m., 4 views

NPM: OpenClaw: Shell positional parameters could weaken strict inline-eval checks

NPM: OpenClaw: Shell positional parameters could weaken strict inline-eval checks vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.2...

CVSS 8.1 | AI score 5.8 | EPSS 0.0026
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:11 p.m., 4 views

NPM: OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently

NPM: OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.22...

CVSS 6.5 | AI score 5.8 | EPSS 0.0021
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 8:10 p.m., 4 views

NPM: OpenClaw: Exec allowlist could miss side effects from transparent command wrappers

NPM: OpenClaw: Exec allowlist could miss side effects from transparent command wrappers vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.22...

CVSS 4.3 | AI score 5.8 | EPSS 0.00185
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 5:50 p.m., 6 views

WordPress STRABL – A checkout solution plugin <= 4.5 - Unauthenticated Arbitrary Webhook Creation vulnerability

Unauthenticated Arbitrary Webhook Creation vulnerability discovered by Teerachai Somprasong in WordPress Plugin STRABL – A checkout solution versions = 4.5...

CVSS 5.3 | AI score 5.3 | EPSS 0.00382
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/06/18 5:37 p.m., 5 views

WordPress 2Download Connector for 2DL Hosted Checkout plugin <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability discovered by Mohamed Haidar in WordPress Plugin 2Download Connector for 2DL Hosted Checkout versions = 0.1.5...

CVSS 5.3 | AI score 5.3 | EPSS 0.00299
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/06/18 5:36 p.m., 6 views

WordPress Avada (Fusion) Builder plugin <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry Value vulnerability

Unauthenticated Arbitrary File Deletion via Form Entry Value vulnerability discovered by daroo in WordPress Plugin Fusion Builder versions = 3.15.3...

CVSS 9.1 | AI score 5.3 | EPSS 0.01193
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/06/18 5:24 p.m., 15 views

NPM: budibase: Database Connector SQL Injections in PostgreSQL, MS SQL, and MySQL

NPM: budibase: Database Connector SQL Injections in PostgreSQL, MS SQL, and MySQL vulnerability discovered by ? in WordPress Npm budibase versions 3.39.19...

AI score 5.9
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2026/06/18 4:21 p.m., 5 views

WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin 1.7.1058-1.7.1059 - Authenticated (Contributor+) Arbitrary File Read vulnerability

Authenticated Contributor+ Arbitrary File Read vulnerability discovered by Jack Taylor in WordPress Plugin Royal Elementor Addons versions 1.7.1058-1.7.1059...

CVSS 6.5 | AI score 5.3 | EPSS 0.0024
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/06/18 4:09 p.m., 5 views

WordPress Creavi Appointment Booking Calendar plugin <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Creavi Appointment Booking Calendar versions = 1.4.4...

CVSS 6.4 | AI score 5.2 | EPSS 0.00193
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/06/18 4:04 p.m., 6 views

WordPress Woosa – Marktplaats for WooCommerce plugin <= 2.0.5 - Authenticated (Administrator+) Arbitrary File Read vulnerability

Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Legion Hunter in WordPress Plugin Woosa – Marktplaats for WooCommerce versions = 2.0.5...

CVSS 4.9 | AI score 5.3 | EPSS 0.00397
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/06/18 4:02 p.m., 5 views

WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.39 - Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure vulnerability discovered by kalomba - KAPENTEST in WordPress Plugin WP DSGVO Tools GDPR versions = 3.1.39...

CVSS 5.3 | AI score 5.3 | EPSS 0.00385
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/06/18 4:00 p.m., 7 views

WordPress Bogo plugin <= 3.9.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Andrew Lacambra in WordPress Plugin Bogo versions = 3.9.1...

CVSS 4.3 | AI score 5.3 | EPSS 0.00254
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/06/18 3:57 p.m., 6 views

WordPress Advanced Import plugin <= 1.4.6 - Authenticated (Author+) Server-Side Request Forgery vulnerability

Authenticated Author+ Server-Side Request Forgery vulnerability discovered by loris4py in WordPress Plugin Advanced Import versions = 1.4.6...

CVSS 6.4 | AI score 5.3 | EPSS 0.00208
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/06/18 3:44 p.m., 5 views

WordPress Blocksy Companion plugin <= 2.1.45 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by Pasindu Dilshan K4PXD - HACK KAP PVT LTD in WordPress Plugin Blocksy Companion versions = 2.1.45...

CVSS 4.4 | AI score 5.2 | EPSS 0.00208
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/06/18 3:43 p.m., 5 views

WordPress BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Craniums in WordPress Plugin BetterDocs versions = 4.5.3...

CVSS 6.4 | AI score 5.2 | EPSS 0.00212
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/06/18 3:38 p.m., 5 views

WordPress Classified Listing – AI-Powered Classified ads & Business Directory plugin <= 5.4.2 - Missing Authorization to Authenticated (Subscriber+) Feature Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Feature Modification vulnerability discovered by Ben Tamam Ben Tamam in WordPress Plugin Classified Listing versions = 5.4.2...

CVSS 4.3 | AI score 5.3 | EPSS 0.00213
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/06/18 3:20 p.m., 6 views

WordPress WP EasyPay plugin <= 4.5.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Sajjad Haqi in WordPress Plugin WP EasyPay versions = 4.5.0...

CVSS 6.5 | AI score 5.8 | EPSS 0.00124
Exploits 0 | Affected Software 1

Patchstack
added 2026/06/18 3:04 p.m., 4 views

WordPress Fusion Builder plugin <= 3.15.4 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Fusion Builder versions = 3.15.4...

CVSS 8.8 | AI score 5.8 | EPSS 0.00278
Exploits 0 | Affected Software 1

Patchstack
added 2026/06/18 2:52 p.m., 4 views

NPM: OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags

NPM: OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.5...

CVSS 9.8 | AI score 5.8 | EPSS 0.0024
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 2:40 p.m., 6 views

WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Koutrouss Naddara in WordPress Plugin H5P versions = 1.17.6...

CVSS 7.1 | AI score 5.8 | EPSS 0.00175
Exploits 0 | Affected Software 1

Patchstack
added 2026/06/18 2:33 p.m., 5 views

WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ParkHyunWoo in WordPress Plugin Stylish Cost Calculator versions = 8.3.9...

CVSS 7.5 | AI score 5.8 | EPSS 0.00278
Exploits 0 | Affected Software 1

Patchstack
added 2026/06/18 2:29 p.m., 5 views

WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin Premmerce Wishlist for WooCommerce versions = 1.1.11...

CVSS 9.3 | AI score 6 | EPSS 0.00229
Exploits 0 | Affected Software 1

Patchstack
added 2026/06/18 2:28 p.m., 6 views

NPM: undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

NPM: undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent vulnerability discovered by ? in WordPress Npm undici versions = 7.23.0, 7.28.0...

CVSS 7.4 | AI score 6.4 | EPSS 0.00375
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 2:28 p.m., 4 views

NPM: undici vulnerable to cross-user information disclosure via shared cache whitespace bypass

NPM: undici vulnerable to cross-user information disclosure via shared cache whitespace bypass vulnerability discovered by ? in WordPress Npm undici versions = 7.0.0, 7.28.0...

CVSS 5.9 | AI score 7.1 | EPSS 0.00374
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 2:28 p.m., 6 views

NPM: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass

NPM: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass vulnerability discovered by ? in WordPress Npm undici versions = 8.0.0, 8.5.0...

CVSS 7.5 | AI score 6.4 | EPSS 0.00426
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/06/18 2:28 p.m., 20 views

NPM: Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

NPM: Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message vulnerability discovered by ? in WordPress Npm nodemailer versions = 9.0.0...

AI score 6
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2026/06/18 2:27 p.m., 29 views

NPM: DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)

NPM: DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch) vulnerability discovered by ? in WordPress Npm dompurify versions = 3.4.10...

AI score 5.8
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2026/06/18 2:26 p.m., 14 views

NPM: npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining

NPM: npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining vulnerability discovered by ? in WordPress Npm praisonai versions = 1.5.1, = 1.7.1...

AI score 5.8
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2026/06/18 2:26 p.m., 14 views

NPM: npm PraisonAI AgentLoop onToolCall approval runs after tool execution

NPM: npm PraisonAI AgentLoop onToolCall approval runs after tool execution vulnerability discovered by ? in WordPress Npm praisonai versions = 1.4.0, = 1.7.1...

AI score 6
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2026/06/18 2:26 p.m., 13 views

NPM: npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call

NPM: npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call vulnerability discovered by ? in WordPress Npm praisonai versions = 1.5.0, = 1.7.1...

AI score 5.8
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2026/06/18 2:26 p.m., 6 views

NPM: npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation

NPM: npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation vulnerability discovered by ? in WordPress Npm praisonai versions = 1.6.0, = 1.7.1...

AI score 5.8
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2026/06/18 2:26 p.m., 13 views

NPM: PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool

NPM: PraisonAI: Remote Code Execution via Sandbox Escape in codeMode Tool vulnerability discovered by ? in WordPress Npm praisonai versions = 1.7.1...

AI score 5.9
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2026/06/18 2:26 p.m., 55 views

NPM: npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining

NPM: npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining vulnerability discovered by ? in WordPress Npm praisonai versions = 1.2.3, = 1.7.1...

AI score 5.8
Exploits 0 | References 2 | Affected Software 1

Total number of security vulnerabilities: 46541