Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
OpenClaw versions prior to 2026.2.23 contain a webhook event deduplication bypass vulnerability where normalized Twilio event IDs are randomized on each parse, allowing attackers to replay webhook events and circumvent the manager's deduplication checks. An unauthenticated remote attacker can exploit this over the network to trigger duplicate or stale call-state transitions, potentially causing incorrect call handling and state corruption. While no CVSS modifier for active exploitation or public POC is explicitly confirmed in the provided intelligence, the CVSS 6.5 score reflects moderate integrity and availability impact with low attack complexity.
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the browser trace and download output path handling that allows local attackers with limited privileges to escape the managed temporary root directory and overwrite arbitrary files on the system. An attacker can create symbolic links to redirect file writes outside the intended sandbox, resulting in information disclosure and potential system compromise through arbitrary file modification. A patch is available from the vendor, and this vulnerability requires local access with low privileges to exploit, making it a medium-severity concern for multi-user systems.
OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use (TOCTOU) vulnerability in the approval-bound system.run execution function where the current working directory (cwd) parameter is validated at approval time but resolved at execution time, allowing attackers with local access and limited privileges to retarget symlinked directories between approval and execution to bypass command execution restrictions and execute arbitrary commands on node hosts. The vulnerability has a CVSS score of 6.5 with medium attack complexity but high integrity and availability impact, making it a notable local privilege escalation vector that requires user interaction in the approval workflow.
OpenClaw versions before 2026.2.24 allow authenticated attackers to execute arbitrary commands through command injection in the system.run shell-wrapper by injecting malicious arguments that bypass validation controls. Public exploit code exists for this vulnerability, enabling attackers to disguise malicious payloads while executing hidden commands with the privileges of the affected application.
OpenClaw versions prior to 2026.2.21 contain a passwordless fallback authentication bypass in the BlueBubbles webhook handler that allows attackers to send unauthenticated webhook events by exploiting loopback or reverse-proxy heuristics. The vulnerability affects the BlueBubbles plugin component and has a CVSS score of 4.8 (medium severity) with low attack complexity, enabling both confidentiality and integrity impact without requiring authentication or user interaction. A vendor patch is available, and the vulnerability is documented in public advisories from VulnCheck and GitHub Security.
MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
OpenClaw versions before 2026.2.25 allow authenticated attackers with node role permissions to bypass device pairing requirements in the Control UI by spoofing the control-ui client identifier, enabling unauthorized access to node event execution flows. Public exploit code exists for this authentication bypass vulnerability. The vulnerability requires prior authentication and has moderate integrity impact potential.
OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in HTTP gateway routes due to incorrect application of tokenless Tailscale header authentication. Attackers on trusted networks can access HTTP gateway routes without providing required token or password credentials, potentially exposing sensitive functionality. A patch is available from the vendor, and this vulnerability has been disclosed publicly via GitHub Security Advisory GHSA-hff7-ccv5-52f8.
A Server-Side Request Forgery (SSRF) vulnerability exists in the validateUrlSecurity function within trueleaf ApiFlow version 0.9.7's URL validation handler. This flaw allows unauthenticated remote attackers to manipulate server-side requests to access internal resources or perform actions on behalf of the server. A public proof-of-concept exploit has been disclosed and is available, significantly lowering the barrier to exploitation.
RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Port field. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability that selectively bypasses safety checks for tar.bz2 skill archives while other formats enforce proper validation. An attacker can craft a malicious tar.bz2 skill archive that circumvents special-entry blocking and extracted-size guardrails, causing local denial of service during skill installation when a user interacts with the installer. This is a local, user-interaction-dependent vulnerability with no authentication required, rated CVSS 5.5 (medium severity) with denial of service impact.
OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerability in the ACP (Approval Control Panel) client that automatically approves tool calls based on untrusted metadata and overly permissive heuristics. An authenticated attacker with PR (privileges required) can bypass interactive approval prompts for read-class operations by spoofing toolCall.kind metadata or using non-core read-like function names to reach auto-approve execution paths. This vulnerability enables unauthorized information disclosure and modification without user interaction, and while not currently listed as actively exploited in KEV, proof-of-concept demonstrations are available via vendor security advisories.
OpenClaw versions prior to 2026.2.26 contain an authentication bypass vulnerability in their Slack system event handlers that fails to properly enforce sender authorization checks. Attackers with low-privilege access (PR:L in CVSS vector) can craft and send unauthorized system events through message_changed, message_deleted, and thread_broadcast event types to bypass Slack DM allowlists and per-channel user allowlists. The vulnerability has a moderate CVSS score of 5.4 with low confidentiality and integrity impact; no KEV or active exploitation has been publicly disclosed, but a patch is available from the vendor.
OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability (CWE-1188) that allows local attackers with low privileges to execute arbitrary code on the host system by exploiting disabled OS-level sandbox protections in the Chromium browser container. The vulnerability does not require a sandbox escape, making exploitation straightforward for local users. A patch is available from the vendor, and the issue was reported by VulnCheck with references to GitHub security advisories and patch commits.
OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in the system.run function where the rendered command text displayed to approvers has whitespace trimmed from argv tokens, but the actual runtime execution uses the raw, untrimmed argv. An attacker with the ability to influence command arguments and reuse an approval context can craft a trailing-space executable token to execute a different binary than what was approved, resulting in arbitrary command execution under the OpenClaw runtime user. The CVSS score of 4.8 reflects the requirement for local privileges and user interaction, though the integrity impact is marked as high due to the ability to execute unauthorized commands.
OpenClaw fails to consistently apply sender-policy checks to reaction and pin event handlers, allowing authenticated attackers to bypass configured direct message policies and channel user allowlists by injecting unauthorized events from restricted senders. The vulnerability affects OpenClaw versions prior to 2026.2.25, requires low privileges (authenticated user), and enables unauthorized event injection with moderate severity (CVSS 4.3). A patch is available from the vendor, and the vulnerability has been documented in the VulnCheck advisory and GitHub Security Advisory GHSA-rm2p-j3r7-4x4j.
The App Builder - Create Native Android & iOS Apps On The Flight WordPress plugin up to version 5.5.10 contains a privilege escalation vulnerability in its REST API registration endpoint that allows unauthenticated attackers to register accounts with the wcfm_vendor role, bypassing WCFM Marketplace's vendor approval workflow. The verify_role() function in AuthTrails.php explicitly whitelists the wcfm_vendor role without proper authorization checks, enabling attackers to immediately gain vendor-level privileges including product management, order access, and store management on affected WordPress installations. This vulnerability has a CVSS score of 6.5 with low attack complexity and no authentication requirements, making it a moderate-to-significant risk for WordPress sites using both this plugin and WCFM Marketplace.
The Task Manager plugin for WordPress (all versions up to 3.0.2) contains an arbitrary shortcode execution vulnerability in the AJAX search callback function due to missing capability checks and insufficient input validation. Authenticated attackers with Subscriber-level privileges and above can inject malicious shortcode syntax into search parameters to execute arbitrary shortcodes on the WordPress site, potentially leading to code execution and site compromise. The vulnerability is classified with a CVSS 3.1 score of 6.5 and has been reported by Wordfence security researchers.
The Task Manager plugin for WordPress contains an arbitrary file read vulnerability in the callback_get_text_from_url() function that allows authenticated attackers with Subscriber-level privileges and above to read sensitive files from the server. This information disclosure vulnerability affects all versions up to and including 3.0.2 of the eoxia Task Manager plugin. The vulnerability has a CVSS score of 6.5 and presents moderate real-world risk due to its low attack complexity and the prevalence of WordPress installations, though exploitation requires valid user credentials.
SQL injection in the Pre* Party Resource Hints WordPress plugin up to version 1.8.20 allows authenticated users with Subscriber-level permissions or higher to execute arbitrary database queries through the unescaped 'hint_ids' parameter in the pprh_update_hints AJAX action. An attacker can exploit this to extract sensitive information from the WordPress database without user interaction. No patch is currently available for this vulnerability.
The Hr Press Lite WordPress plugin (versions up to 1.0.2) contains a missing capability check vulnerability in the hrp-fetch-employees AJAX action that allows authenticated attackers with Subscriber-level access to retrieve sensitive employee information including names, email addresses, phone numbers, salary data, employment dates, and employment status. This represents a clear privilege escalation and information disclosure flaw with a CVSS score of 6.5 (Medium severity, high confidentiality impact) affecting all versions of the plugin distributed through the WordPress plugin repository.
The ElementCamp plugin for WordPress contains a time-based SQL injection vulnerability in the 'tcg_select2_search_post' AJAX action through improper validation of the 'meta_query[compare]' parameter. Authenticated attackers with Author-level privileges or higher can inject arbitrary SQL operators to extract sensitive database information, as the vulnerable code places user-supplied comparison operators directly into SQL queries without allowlist validation, rendering esc_sql() ineffective for operator-level payloads. The CVSS score of 6.5 reflects moderate severity with high confidentiality impact but no integrity or availability impact, limited to authenticated users with elevated privileges.
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Show Posts List plugin for WordPress (versions up to 1.1.0) affecting the 'swiftpost-list' shortcode's 'post_type' attribute due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level privileges or higher can inject arbitrary JavaScript code into pages, which executes whenever any user views the compromised page. With a CVSS score of 6.4 and network-accessible attack vector requiring only low privileges, this represents a moderate-priority vulnerability for WordPress installations using this plugin, particularly those with multi-user environments.