Skip to main content
CVE-2026-25253 HIGH POC PATCH This Week

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs extracted from query strings, transmitting authentication tokens without user confirmation. This network-based vulnerability requires user interaction (clicking a malicious link) and allows attackers to hijack authenticated sessions and perform actions with the victim's privileges. Public exploit code exists for this high-severity flaw with no patch currently available.

Information Disclosure Openclaw
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2021-47915 HIGH POC This Week

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. [CVSS 8.1 HIGH]

SQLi Php Melody
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2021-47918 HIGH POC This Week

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application. [CVSS 8.1 HIGH]

PHP SQLi Simple Cms Php
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2020-37063 HIGH POC This Week

TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37061 HIGH POC This Week

BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37064 HIGH POC This Week

EMP_NSWLSV service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37062 HIGH POC This Week

DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37055 HIGH POC This Week

SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37045 HIGH POC This Week

NetBackup INET Daemon service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37048 HIGH POC This Week

Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37047 HIGH POC This Week

DeepMgmtService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37037 HIGH POC This Week

Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. [CVSS 7.8 HIGH]

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47909 HIGH This Week

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system. [CVSS 8.1 HIGH]

SQLi
NVD
CVSS 3.1
8.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy