OpenClaw prior to version 2026.2.2 is vulnerable to server-side request forgery through its attachment and media URL processing, allowing unauthenticated remote attackers to make arbitrary HTTP requests to internal resources. Attackers can exploit model-controlled message features to trigger the SSRF and exfiltrate response data as outbound attachments. Public exploit code exists for this vulnerability.
File Browser versions prior to 2.61.0 incorrectly set the filesystem root to a parent directory when generating public share links, enabling any user with a share link to access and download files from sibling directories beyond the intended shared folder. This authenticated network-based vulnerability affects Golang and Filebrowser and has public exploit code available. The issue is resolved in version 2.61.0 and later.
lxml_html_clean versions prior to 0.4.4 fail to sanitize <base> HTML tags, allowing attackers to inject malicious base tags and redirect relative links to attacker-controlled domains. Public exploit code exists for this vulnerability. The issue affects applications using the default Cleaner configuration and has been remediated in version 0.4.4.
lxml_html_clean versions before 0.4.4 fail to properly sanitize CSS Unicode escape sequences in the _has_sneaky_javascript() method, allowing attackers to bypass filters and inject malicious @import statements or XSS payloads. Public exploit code exists for this vulnerability, which affects applications using the library for HTML sanitization. A patch is available in version 0.4.4 and should be applied immediately to prevent CSS-based injection attacks.
Privileged file disclosure in IDC SFX2100 satellite receiver firmware results from a setuid-enabled date binary that allows local users to read root-owned files including /etc/shadow and other sensitive configuration data. A local attacker can leverage publicly available exploit techniques to gain unauthorized access to confidential system information. Public exploit code exists for this vulnerability, though no patch is currently available.
Koha versions 25.11 and earlier contain a stored cross-site scripting vulnerability in the News function that allows authenticated users to inject malicious scripts affecting other users who view the compromised content. Public exploit code exists for this vulnerability, and attackers can leverage it to steal session data or perform actions on behalf of victims. A patch is not currently available for affected deployments.
Sfx2100 Firmware versions up to - is affected by incorrect permission assignment for critical resource (CVSS 4.7).
RustDesk Server Pro through version 1.7.5 transmits sensitive address book credentials in cleartext over the network heartbeat synchronization API, enabling attackers to intercept and obtain authentication credentials without authentication. The vulnerability affects Windows, macOS, and Linux deployments where the address book sync functionality is enabled. No patch is currently available.
OpenClaw versions before 2026.2.12 with the Nostr plugin enabled contain unauthenticated API endpoints that allow remote attackers to read and modify Nostr profiles without authentication when the gateway HTTP port is network-accessible. Attackers can exploit this to steal sensitive profile data, alter gateway configuration, and sign malicious Nostr events using the bot's private key. A patch is available for affected installations.
LangGraph SQLite Checkpoint versions 1.0.9 and prior are vulnerable to unsafe deserialization of msgpack-encoded objects, allowing attackers with write access to the checkpoint database to execute arbitrary code when checkpoints are loaded. This vulnerability affects Python-based AI/ML applications using LangGraph's persistence layer and requires adversary control of the backing storage to exploit. No public patch is currently available for this issue.
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]
'.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. [CVSS 6.7 MEDIUM]
Privilege escalation in Azure Compute Gallery's regex validation enables high-privileged local users to gain unauthorized system access on affected Microsoft and ACI Confidential Containers systems. An authenticated attacker with elevated permissions can exploit the permissive pattern matching to bypass security controls and achieve full system compromise. No patch is currently available, making this a medium-severity risk for environments running vulnerable versions.
Ups Multi-Ups Management Console versions up to 01.06.0001_\(a03\) contains a security vulnerability (CVSS 6.7).
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.6 MEDIUM]
Unauthorized information disclosure in Azure Compute Gallery occurs due to insecure default initialization settings that authenticated users can exploit to access sensitive data remotely. An authorized attacker can leverage this vulnerability to read confidential information without requiring user interaction. No patch is currently available for Microsoft products and ACI Confidential Containers.
Openclaw versions up to 2026.2.15 is affected by allocation of resources without limits or throttling (CVSS 6.5).
Unauthenticated attackers can delete arbitrary WordPress media attachments in Fluent Forms Pro Add On Pack versions up to 6.1.17 due to missing authorization checks in the deleteFile() AJAX action. The vulnerable endpoint is accessible to unauthenticated users and accepts an attachment_id parameter without nonce verification or capability validation. No patch is currently available for this medium-severity vulnerability affecting WordPress sites.
EC-CUBE administrative authentication can be bypassed by attackers possessing valid admin credentials, allowing them to circumvent multi-factor authentication protections and access the admin panel. This vulnerability (CVSS 6.5) affects administrators or high-privileged users whose credentials have been compromised, potentially enabling unauthorized administrative access.
Site Suggest plugin version 1.3.9 and earlier lacks proper access control checks, enabling unauthenticated remote attackers to access restricted functionality and modify data. The vulnerability affects installations without authentication requirements and could allow attackers to manipulate site suggestions or related content without authorization. No patch is currently available.
Improper access control in the Blend Media WordPress CTA easy-sticky-sidebar plugin through version 1.7.4 allows unauthenticated attackers to exploit misconfigured security levels and gain unauthorized access to sensitive functionality. The vulnerability affects WordPress installations running the vulnerable plugin versions and could enable attackers to read restricted information or disrupt service availability. No security patch is currently available.
Openclaw versions up to 2026.2.14 is affected by missing authentication for critical function (CVSS 6.5).
Cloudfoundry UAA versions 77.30.0 through 78.7.0 and Cloudfoundry Deployment versions 48.7.0 through 54.10.0 contain a logic error in the token revocation endpoint that allows authenticated users to inadvertently revoke tokens belonging to other users. An attacker with valid credentials could exploit this flaw to disrupt service availability by invalidating legitimate user sessions without authorization.
OpenClaw prior to version 2026.2.14 fails to properly validate Telegram allowlist entries by accepting mutable usernames instead of immutable user IDs, enabling attackers to register recycled usernames and bypass access controls. An unauthenticated attacker can exploit this flaw to impersonate legitimate users and send unauthorized commands to OpenClaw bots. No patch is currently available.
Frappe versions prior to 14.100.1 and 15.100.0 contain a SQL injection vulnerability in an endpoint that allows authenticated attackers to extract sensitive information from the database. An attacker with valid credentials can craft malicious requests to bypass query protections and access confidential data without modifying or disrupting system availability. No patch is currently available for affected deployments.
kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon is affected by missing authorization (CVSS 6.5).
WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product is affected by cross-site scripting (xss) (CVSS 6.5).
RadiusTheme Classified Listing plugin through version 5.3.4 exposes sensitive data in sent communications due to improper information handling. An authenticated attacker can retrieve embedded sensitive information from network traffic without modifying data or disrupting service. No patch is currently available for this vulnerability.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress theatre allows Stored XSS.This issue affects Theater for WordPress: from n/a through <= 0.19. [CVSS 6.5 MEDIUM]
OpenClaw versions 2026.1.30 and earlier leak authentication bearer tokens to untrusted domains when the optional MS Teams attachment downloader extension is enabled, due to overly permissive suffix-based domain allowlisting during download retries. An attacker could harvest these tokens from allowed domains to compromise authenticated sessions. No patch is currently available, affecting users of the vulnerable versions.
SQL injection in WordPress Page and Post Clone plugin up to version 6.3 allows authenticated contributors and above to extract sensitive database information through a second-order injection via the meta_key parameter. The vulnerability stems from insufficient input escaping and query preparation in the content_clone() function, with malicious payloads stored as post metadata and executed during the clone operation. No patch is currently available.
Brainstorm_Force Ultimate Addons for WPBakery Page Builder ultimate_vc_addons is affected by missing authorization (CVSS 6.5).
Themeum Tutor LMS through version 3.9.5 contains an authorization bypass that allows authenticated users to modify content they should not have access to due to improper access control validation. An attacker with valid credentials can exploit this vulnerability to alter course materials and settings without proper permission checks. No patch is currently available for this medium-severity issue.
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]
A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. [CVSS 6.5 MEDIUM]
CKEditor 5 versions before 47.6.0 contain a stored XSS vulnerability in the General HTML Support feature that allows attackers to execute arbitrary JavaScript by injecting malicious markup into documents processed by vulnerable editor instances. This vulnerability affects users relying on unsafe General HTML Support configurations, potentially enabling session hijacking, credential theft, or malware distribution. No patch is currently available for affected deployments.
OoohBoi Steroids for Elementor (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).
Stored Cross-Site Scripting in the Greenshift page builder plugin for WordPress (versions up to 12.8.5) allows authenticated users with Contributor privileges or higher to inject malicious scripts through the `_gspb_post_css` post meta and `dynamicAttributes` block attributes due to inadequate input sanitization. When other users access affected pages, the injected scripts execute in their browsers, potentially compromising their sessions or stealing sensitive data. No patch is currently available.
SkatDesign Ratatouille versions up to 1.2.6 contain a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests from the affected system. An attacker with valid credentials can leverage this flaw to access internal services, retrieve sensitive information, or perform actions on behalf of the server across different security domains. No patch is currently available for this medium-severity vulnerability.
OpenClaw Chrome extension relay server versions prior to 2026.2.12 improperly bind to all network interfaces when wildcard cdpUrl values are configured, enabling remote attackers to discover service endpoints and port information. An attacker can exploit this exposure to conduct denial-of-service attacks and brute-force attempts against the relay token authentication mechanism without requiring local access.
OpenClaw versions before 2026.2.14 fail to validate base URLs in the Tlon Urbit extension, allowing attackers to trigger server-side request forgery attacks that direct the gateway to arbitrary hosts, including internal systems. This network-accessible vulnerability requires no authentication and can result in information disclosure and service disruption. No patch is currently available.
Unauthorized access in PixFort Core through version 3.2.22 allows authenticated attackers to bypass access control restrictions and modify system data due to improper authorization checks. An attacker with valid credentials could exploit this vulnerability to access or modify resources they should not have permission to interact with. No patch is currently available for this vulnerability.
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.2 MEDIUM]
Stored XSS in Wagtail's TableBlock allows authenticated users with page editing permissions to inject malicious class attributes that execute arbitrary JavaScript when pages are viewed by other users. An attacker could exploit this to perform administrative actions or steal credentials from higher-privileged users viewing the compromised content. The vulnerability affects Wagtail versions prior to 6.3.8, 7.0.6, 7.2.3, and 7.3.1, with patches now available.
Stored XSS in Wagtail's simple_translation module allows authenticated admin users to inject malicious JavaScript through specially-crafted page titles that executes when other admins perform translation actions, potentially compromising their credentials. The vulnerability affects Wagtail versions prior to 6.3.8, 7.0.6, 7.2.3, and 7.3.1, and requires admin-level access to exploit, limiting exposure to internal threats. Patches are available for all affected versions.
HumHub Calendar module versions prior to 1.8.11 contain a stored XSS vulnerability in Event Types that allows attackers to inject malicious scripts viewed by users accessing events created by administrative accounts. An attacker with event creation privileges can execute arbitrary JavaScript in the browsers of users viewing affected events, potentially compromising session tokens or sensitive information. No patch is currently available for affected installations.
Stored cross-site scripting in Gogs prior to version 0.14.2 allows unauthenticated attackers to inject malicious scripts through template rendering of user-controlled data, potentially affecting all users viewing compromised content. The vulnerability exploits unsafe handling of data URLs combined with permissive sanitization, enabling attackers to steal session cookies, deface pages, or perform actions on behalf of victims. A patch is available in version 0.14.2 and later.
Allauth versions up to 65.14.1 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).
OpenClaw versions 2026.1.16 through 2026.2.13 allow local attackers to write arbitrary files outside intended directories by supplying malicious archives to the skills, hooks, plugins, or signal installation commands. Successful exploitation enables attackers to achieve code execution or establish persistence on affected systems. A patch is available for affected users.