A vulnerability was identified in OpenClaw versions up to 2026.2.17. is affected by information exposure (CVSS 3.3).
A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim's unique identifier (UUID) and the Organizations feature is enabled.
A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. [CVSS 3.7 LOW]
Medium severity vulnerability in See description. A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.20.2 is able to address...
CodeGenieApp's serverless-express library (versions up to 4.17.1) contains an injection vulnerability in its Users Endpoint that allows attackers to manipulate filter arguments and execute unauthorized commands remotely. This affects applications using the vulnerable versions of this library. An attacker could exploit this to inject malicious code, potentially gaining unauthorized access to user data or taking control of affected systems.
AutohomeCorp's frostmourne application (version 1.0 and earlier) allows attackers to inject malicious code through the EXPRESSION parameter in the ExpressionRule.java component, which uses Oracle's Nashorn JavaScript engine without proper input validation. This vulnerability affects users of frostmourne and can be exploited remotely by unauthenticated attackers to execute arbitrary code on affected systems. The vendor has not responded to disclosure attempts, leaving users vulnerable to potential system compromise.
Unsafe deserialization in Alfresco Activiti up to versions 7.19 and 8.8.0 allows authenticated remote attackers to achieve arbitrary code execution through the Process Variable Serialization System component. An attacker with valid credentials can manipulate serialized objects during deserialization to execute malicious code on the affected system. Public exploit code is available and no patch has been released by the vendor.
Server-side request forgery in wvp-GB28181-pro up to version 2.7.4-20260107 allows authenticated attackers to manipulate the MediaServer.streamIp parameter in the IP Address Handler component, enabling arbitrary network requests from the affected server. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response to the disclosure.
Reflected cross-site scripting (XSS) in itsourcecode Payroll Management System 1.0 exists in the /manage_employee_deductions.php file via unsanitized ID parameters, allowing remote attackers to inject malicious scripts that execute in users' browsers. Public exploit code is available and the vulnerability remains unpatched. Successful exploitation requires user interaction but can lead to session hijacking, credential theft, or unauthorized payroll data manipulation.
Cross-site scripting (XSS) in the /view_result.php endpoint of PHP-based University Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts through the vr parameter. Public exploit code exists for this vulnerability, which requires user interaction to execute. The vulnerability has no available patch and affects the integrity of affected applications.
Stored cross-site scripting in CesiumJS up to version 1.137.0 allows unauthenticated remote attackers to inject malicious scripts through the parameter 'c' in Apps/Sandcastle/standalone.html, with public exploit code already available. While the vendor classifies this as demo code outside the core library product, the vulnerability affects users running vulnerable versions of the application. No patch is currently available.
A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. [CVSS 3.8 LOW]
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.
A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. [CVSS 3.5 LOW]
A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. [CVSS 3.5 LOW]
A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBufferAddString. [CVSS 3.3 LOW]
Out-of-bounds write in GPAC 26.03-DEV's SVG parser allows local attackers with user privileges to corrupt memory and potentially execute code through a malicious SVG file. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires local system access but no user interaction beyond opening a crafted SVG document.
Stack-based buffer overflow in GPAC 26.03-DEV's TeXML file parser (txtin_process_texml function) allows local attackers with user privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, making it an immediate concern for systems processing untrusted TeXML files. No patch is currently available, requiring users to implement alternative mitigations or restrict access to the affected parser.
A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. Upgrading to version 20200207 is recommen...
Heap-based buffer overflow in mold linker versions up to 2.40.4 allows local attackers with user privileges to corrupt memory and potentially execute code through the X86_64 object file initialization function. Public exploit code is available for this vulnerability. The maintainer has not yet released a patch despite early notification.
Use-after-free vulnerability in quickjs-ng through version 0.12.1 allows local attackers to corrupt memory and potentially execute arbitrary code via the js_iterator_concat_return function in quickjs.c. Public exploit code exists for this vulnerability. A local account is required to trigger the flaw, which affects confidentiality, integrity, and availability of the affected system.
A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read_ of the file src/fe.c. [CVSS 3.3 LOW]
A Server-Side Request Forgery (SSRF) vulnerability exists in `@backstage/plugin-auth-backend` when `auth.experimentalClientIdMetadataDocuments.enabled` is set to `true`. The CIMD metadata fetch validates the initial `client_id` hostname against private IP ranges but does not apply the same validation after HTTP redirects. The practical impact is limited. The attacker cannot read the response body from the internal request, cannot control request headers or method, and the feature must be explicitly enabled via an experimental flag that is off by default. Deployments that restrict `allowedClientIdPatterns` to specific trusted domains are not affected. Patched in `@backstage/plugin-auth-backend` version `0.27.1`. The fix disables HTTP redirect following when fetching CIMD metadata documents. Disable the experimental CIMD feature by removing or setting `auth.experimentalClientIdMetadataDocuments.enabled` to `false` in your app-config. This is the default configuration. Alternatively, restrict `allowedClientIdPatterns` to specific trusted domains rather than using the default wildcard pattern. - [IETF Client ID Metadata Document draft](https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/) - [MCP Authorization Specification - Client ID Metadata Documents](https://modelcontextprotocol.io/specification/2025-11-25/basic/authorization#client-id-metadata-documents)