CVE Schwachstellen

A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument...

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific i...

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanis...

OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for scr...

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from ...

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent access (container/optional corruption possible). The trigger is a...

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::string` concurrent access. with heap-use-after-free possible. This is triggered by EVCCID update...

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent access (container/optional corruption possible). The trigger is E...

Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is includ...

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Fo...

OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and r...

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the `global:member` role could exploit chained authorization flaws in n8n...

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.3` through `v0.8.5` allow arbitrary JavaScript execution through `POST /wait` and `POST /...

WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to password-protect individual videos. The video password is stored in the database in ...

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `transferBalance()` method in `plugin/YPTWallet/YPTWallet.php` contains a Time-of-Check-Time-of-Use (TOCTOU) rac...

OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy o...

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.68 and 9.7.0-alpha.12, the GraphQL query complexity validator can be explo...

A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function _copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGu...

Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An ...

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated att...

A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the htt...

Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15,13.0.16-pro,12.0.14 and prior and fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc (sdoc) editor. The applicat...

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crash...

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during stock entry, a...

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protec...

OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.

Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products.

Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.

Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS comm...

Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication.

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encoura...

A resample query can be used to trigger out-of-memory crashes in Grafana.

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's `save.json.php` endpoint loads AI response objects using an attacker-controlled `$_REQUEST['id']` pa...

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedule::keyExists()` method constructs a SQL query by interpolating a stream key directly into the query...

Microsoft Edge (Chromium-based) Defense in Depth Vulnerability

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `resolvePartial()` in the Handlebars runtime resolves partial names via a plain property...

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string....

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorat...

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web inte...

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the deskto...

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack. A vulnerabili...

OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Atta...

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their o...

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arb...

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requ...

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrai...

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild member...

OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers ca...