OpenClaw versions before 2026.2.14 allow local attackers to write arbitrary files outside the sandbox directory through path traversal sequences in crafted skill package names when sandbox skill mirroring is enabled. An attacker can exploit this by providing a malicious skill package with traversal patterns like ../ or absolute paths in the frontmatter name parameter, potentially compromising system integrity. A patch is available to remediate this vulnerability.
OpenClaw versions before 2026.2.12 are vulnerable to timing-based token extraction attacks due to non-constant-time string comparison in hook authentication. A network-based attacker can exploit this side-channel vulnerability to gradually recover the hook validation token through repeated timing measurements across multiple requests. The vulnerability requires repeated probing but poses a confidentiality risk to systems using vulnerable versions.
OpenClaw voice-call plugin versions before 2026.2.3 allow remote attackers to forge webhook events by exploiting improper authentication in reverse-proxy environments where forwarded headers are implicitly trusted. An unauthenticated attacker can manipulate Forwarded or X-Forwarded-* headers to bypass webhook verification and spoof legitimate events. A patch is available to address this authentication bypass vulnerability.
Openclaw versions up to 2026.2.12 is affected by missing authentication for critical function (CVSS 5.9).
Inseri Core versions up to 1.0.5 contain an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data through improperly configured access controls. The vulnerability has a CVSS score of 5.3 and currently lacks a patch, putting deployments at risk until remediation is available.
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. [CVSS 5.8 MEDIUM]
Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-booking-system allows Retrieve Embedded Sensitive Data.This issue affects WP Booking System: from n/a through <= 2.0.19.12. [CVSS 5.8 MEDIUM]
Authentication bypass in RustDesk Client through 1.4.5 across Windows, macOS, Linux, iOS, and Android allows remote attackers to replay captured session IDs and login proofs to impersonate legitimate peers without knowing the original credentials. The flaw stems from insufficient computational effort in the hash_password() routine combined with reusable session identifiers in the login proof construction, enabling capture-replay attacks against the peer authentication module. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.04% (12th percentile).
Openclaw versions up to 2026.2.14 is affected by allocation of resources without limits or throttling (CVSS 5.5).
Openclaw versions up to 2026.2.14 is affected by allocation of resources without limits or throttling (CVSS 5.5).
The SiteGuard WP Plugin for WordPress through version 1.7.9 contains a guessable CAPTCHA implementation that allows attackers to bypass security protections without authentication. This vulnerability enables attackers to circumvent the plugin's functionality controls and potentially gain unauthorized access to protected resources or perform actions that should be restricted.
Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability was identified. The issue arises from incorrect parsing of the Content-Type header in requests. Specifically, requests with Content-Type values such as application/x-www-form-urlencoded, multipart/form-data, or text/plain could be misinterpreted as application/json. This misint...
OpenClaw versions 2026.1.14-1 through 2026.2.1 with the Matrix plugin enabled fail to validate homeserver identity when checking direct message allowlists, allowing remote attackers to impersonate authorized users by spoofing display names or local identifiers from different homeservers. This bypass enables unauthorized access to routing and agent pipelines for authenticated Matrix users on remote servers. A patch is available in version 2026.2.2 and later.
Gogs versions prior to 0.14.2 expose authentication tokens in URL parameters, allowing credentials to be captured through server logs, browser history, and HTTP referrer headers. This information disclosure vulnerability affects self-hosted Gogs instances and could enable attackers to gain unauthorized API access if tokens are leaked through these channels. A patch is available in version 0.14.2 and later.
Products.isurlinportal is a replacement for isURLInPortal method in Plone. versions up to 2.1.0 is affected by url redirection to untrusted site (open redirect) (CVSS 5.3).
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]
Twenty CRM versions prior to 1.18 allow authenticated users to bypass SSRF protections by exploiting unvalidated HTTP redirect targets, enabling access to private IP addresses through attacker-controlled intermediaries. An attacker with control over webhook endpoints or image URLs can leverage this vulnerability to reach restricted internal resources that would normally be blocked.
SQL injection in the Apocalypse Meow WordPress plugin up to version 22.1.0 allows authenticated administrators to execute arbitrary SQL queries due to a flawed validation check combined with improper quote escaping. An authenticated attacker with administrator privileges can exploit this via the 'type' parameter to extract sensitive database information. No patch is currently available.
Stylemix uListing versions 2.2.0 and earlier contain a path traversal vulnerability that allows authenticated users with high privileges to access files outside the intended directory structure and read sensitive information. The vulnerability requires valid credentials and does not enable file modification or system disruption, limiting its impact to unauthorized information disclosure.
Privilege escalation in RustDesk Client through version 1.4.5 on Windows, macOS, Linux, iOS, and Android allows unauthenticated remote attackers to abuse API sync and configuration management functions. The vulnerability in the rendezvous mediator and HTTP sync modules enables attackers to gain elevated privileges without user interaction. No patch is currently available for affected users.
OpenClaw versions before 2026.2.13 are vulnerable to timing side-channel attacks on hook token validation due to use of non-constant-time string comparison. Remote attackers can exploit this weakness by measuring response times across multiple requests to gradually recover authentication tokens for the hooks endpoint. This affects confidentiality and integrity of OpenClaw deployments accessible over the network.
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.7 MEDIUM]
Traefik versions prior to 2.11.38 and 3.6.9 fail to limit memory allocation when processing ForwardAuth middleware responses, allowing a malicious or compromised authentication server to trigger unbounded memory consumption. An attacker controlling the auth server can return an arbitrarily large response body that causes the Traefik process to exhaust available memory and crash, resulting in denial of service for all proxied routes. A patch is available in the specified versions.
Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.4 MEDIUM]
NetApp ONTAP 9.12.1 and later with S3 NAS buckets allows authenticated attackers to enumerate directory contents they lack authorization to access, resulting in unauthorized information disclosure. An attacker with valid credentials can exploit this to view sensitive file listings without proper permissions. No patch is currently available for this vulnerability.
Octopus Server allows authenticated attackers to generate new API keys from existing access tokens with extended lifetimes that exceed the original token's validity period. This token lifetime extension vulnerability (CWE-863) could enable attackers with valid credentials to maintain persistent access beyond intended restrictions. The vulnerability affects Octopus Server with no patch currently available.
Unauthorized wiki page creation in OpenProject prior to versions 17.0.5 and 17.1.2 allows authenticated attackers to bypass project access controls and create pages in projects they lack permission to access. The vulnerability stems from improper authentication validation on wiki page creation requests, enabling an attacker to modify project documentation without proper authorization. No patch is currently available for affected versions.
The Media Library Assistant plugin for WordPress through version 3.33 fails to validate user permissions in the mla_update_compat_fields_action() function, allowing authenticated subscribers and higher-privileged users to modify taxonomy terms on any attachment. This authorization bypass enables attackers to alter attachment metadata without proper capability restrictions. A patch is not currently available.
Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]
Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 4.0).
Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.0 MEDIUM]