Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo. This vulnerability is associated with program files includes/Api/ApiEchoNotifications.Php. This issue affects Echo: from * before 1.43.7, 1.44.4, 1.45.2.
OpenClaw before version 2026.4.20 misclassifies direct messages as group conversations in Feishu card-action callbacks, allowing authenticated attackers to bypass dmPolicy restrictions and trigger card-action flows that should have been blocked. The vulnerability affects direct message handling in the Feishu integration and requires authenticated access (PR:L per CVSS vector) but achieves both confidentiality and integrity impact with moderate CVSS score of 5.4.
Server-side request forgery in OpenClaw before version 2026.4.20 allows authenticated attackers to bypass strict-mode SSRF policy checks during browser CDP profile creation by storing profiles pointing to private-network or metadata endpoints, which are later probed during normal profile status operations. The vulnerability affects only strict-mode deployments that explicitly restrict private-network CDP targets; default configurations allow private-network endpoints and are not vulnerable. Vendor-released patch: 2026.4.20.
Authorization bypass in OpenClaw before 2026.4.21 allows non-owner senders to execute owner-enforced slash commands when channels are configured with wildcard inbound senders (allowFrom: ["*"]) without explicit owner allowFrom settings. Attackers with legitimate channel access can exploit this to bypass owner-only command authorization checks and execute commands such as /send, /config, or /debug. The vulnerability requires authenticated access to affected channels but is limited to command-owner authorization and does not grant tool access or gateway administrator scope.
OpenClaw before version 2026.4.20 allows authenticated local agents to bypass tool policy restrictions by appending bundled MCP and LSP tools to the effective tool set after policy filtering has completed. Attackers with local agent access can circumvent profile policies, allow/deny lists, owner-only restrictions, sandbox policies, and subagent policies, potentially gaining unauthorized access to restricted tools. This vulnerability requires a configured bundled tool source and an operator-defined restrictive policy; no active exploitation has been identified.
OpenClaw before 2026.4.22 fails to propagate security envelope constraints when spawning ACP child sessions, allowing authenticated restricted subagents to bypass depth limits, child-count restrictions, control scope, and target-agent constraints. An attacker with subagent privileges can exploit this by spawning child sessions that inherit insufficient security enforcement, potentially escalating privileges or accessing resources beyond their assigned scope.
Information disclosure in Wikimedia Foundation AbuseFilter allows low-privileged authenticated users with user interaction to access limited confidential data through a network vector. The vulnerability affects AbuseFilter versions prior to 1.43.7, 1.44.4, and 1.45.2, with very low CVSS score (2.1) indicating minimal real-world impact but potential for sensitive information leakage in filtered content or filter logic contexts.
OS command injection in Tenda AC6 firmware version 15.03.06.49_multi_TDE01 allows high-privilege remote attackers to execute arbitrary commands via manipulation of mac/ssid parameters in the fromSetWirelessRepeat function exposed through the /goform/WifiExtraSet HTTP endpoint. Public exploit code is available, though the CVSS 2.0 score reflects limited impact scope due to requirement of high-privilege authentication and minimal confidentiality/integrity/availability effects beyond low-severity damage.
MediaWiki versions before 1.43.7, 1.44.4, and 1.45.2 expose sensitive information to unauthorized actors through improper handling in the Skin.php component. The vulnerability requires authenticated user access and user interaction (CVSS:4.0/AV:N/AC:H/PR:L/UI:P), resulting in low confidentiality impact. With an EPSS score of 2.1 and no evidence of active exploitation, this poses limited real-world risk but should be patched as part of routine maintenance.
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs without validating either field. An attacker who controls the cookie names or values passed to this function can inject ;, ,, CR, LF, or TAB characters into the serialized header. This enables two classes of attack: cookie smuggling within a single header (e.g. injecting "; admin=1" to introduce a phantom cookie that the receiving server treats as authentic) and HTTP request header splitting (injecting CRLF to append arbitrary headers or smuggle a complete second request against a shared upstream proxy). The decoder side (parse_cookie_name/1, parse_cookie_value/1) and setcookie/3 already validate and reject these characters; the encoder alone is missing the check. This issue affects cowlib from 2.9.0.
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
Cross-site scripting (XSS) in Devs Palace ERP Online version 4.0.0 and earlier allows authenticated high-privilege users to inject malicious scripts via the /accounts/chart-save endpoint. The vulnerability requires user interaction (UI:P) to trigger and results in limited integrity impact. Publicly available exploit code exists, though the CVSS 4.0 score of 1.9 reflects low severity due to the high privilege requirement (PR:H) and user interaction dependency.
Cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /inventory/sales_save endpoint with user interaction, resulting in integrity impact. The exploit code has been publicly released and the vendor has not responded to early disclosure attempts, leaving affected deployments without vendor-provided patches.
MediaWiki before versions 1.43.7, 1.44.4, and 1.45.2 exposes sensitive information to unauthorized actors through a vulnerability requiring user interaction. The flaw allows information disclosure via network access without authentication, though impact is limited (CVSS 1.3) and requires user participation to trigger. Vendor-released patches are available across all affected major versions.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
Incorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where $g_show_user_realname = ON. ### Impact Cross-site scripting (XSS). Note that By default, only users with *Manager* access level or above can save their filters publicly ### Patches - 44f490bcf20fd491c1b8f3fc9dd041d8c2a30010 ### Workarounds - Prevent display of users' real name (set `$g_ show_user_realname = OFF;` in configuration) - Restrict ability to store filters (set $`g_stored_query_create_threshold` / $`g_stored_query_create_shared_threshold` to `NOBODY` ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Improper escaping of the redirection page (retrieved from the request's *Referer* header) allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leading to cross-site scripting. ### Impact Cross-site scripting (XSS). ### Patches - b1ebc57763f104eb5f541b7b4d1ce6948168abd9 ### Workarounds None ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's _script-src_ directive by uploading a crafted attachment to any issue that, when accessed via the _file_download.php_ link, will be downloaded with a valid JavaScript MIME type resulting in script execution. The uploaded payload must be sniffed as a valid JavaScript MIME type by PHP finfo (see file_create_finfo() API function). Non-JavaScript MIME types will not get imported in a `<script>` tag by the browser, due to response header X-Content-Type-Options being set to _nosniff_, which requires all imported JavaScript files to be a valid JavaScript MIME type. ### Impact Cross-site scripting ### Patches - 9e3bee2e7b909f4e3596985892b8bc8bee9e0bfe ### Workarounds None ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Any authenticated user can inject arbitrary HTML via updating their account's font family. ### Impact Cross-site scripting. The injected payload will be reflected in every MantisBT page. Leveraging another vulnerability (CSP bypass, see [GHSA-9c3j-xm6v-j7j3](https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3)), the attacker could achieve account takeover. ### Patches - 9e8409cdd979eba86ef532756fc47c1d8112d22d ### Workarounds None ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Information disclosure in WeGIA versions prior to 3.6.10 allows authenticated remote attackers to obtain sensitive technical details through overly descriptive error messages in the file upload endpoint (funcionario/docdependente_upload.php), expanding the attack surface for subsequent exploitation attempts.