CVE Vulnerabilities - 1 April 2026
100 vulnerabilities published on 1 April 2026 (severity score listed after each entry)
XenForo Passkey Authentication Security Risk
CVE-2025-71279
A security issue in XenForo 2.3.7 and earlier may allow an attacker to compromise Passkey-based authentication. This could put user accounts at risk of unauthorized access. To fix the issue, update to...
Severity: 9.3
OpenClaw Chat and Zalouser Extension Security Risk: Unrestricted Bot Access
CVE-2026-33578
GHSA-63mg-xp9j-jfcm
The OpenClaw chat extension has a security flaw that allows attackers to bypass restrictions and interact with chat bots. This means that if you're using OpenClaw with Google Chat or Zalouser, your ch...
Severity: 5.3
OpenClaw Node Pairing Approval Vulnerability
CVE-2026-33577
GHSA-2x4x-cc5g-qmmg
Low-privilege operators can approve nodes with more access than they should have, giving attackers extra permissions. This can lead to unauthorized actions on the system. Update OpenClaw to version 20...
Severity: 4.9
OpenClaw allows malicious configuration files to override settings
GHSA-8rh7-6779-cjqq
A flaw in OpenClaw allows a malicious configuration file to override security settings when a user starts the application from a specific directory. This could potentially allow an attacker to access ...
Severity: 9.7
CodeIgniter 4 CMS Skeleton Exposes Users to Malicious Scripts
CVE-2026-34557
GHSA-rpjr-985c-qhvm
A security issue in older versions of CI4MS allows attackers to inject malicious code into the system, which can be executed by administrators. This could allow hackers to take control of the system o...
Severity: 9.1
CodeIgniter 4 CMS Skeleton Stores Malicious JavaScript in Pages
CVE-2026-34558
GHSA-v77r-xg3p-75g7
CodeIgniter 4 CMS Skeleton stores JavaScript code from users in pages without proper security checks, allowing an attacker to inject malicious scripts that can affect administrators. This can lead to ...
Severity: 9.1
RTI Connext Professional Services Allow Data Leaks Through XML Errors
CVE-2026-4374
RTI Connext Professional's Routing, Observability, Recording, Queueing, and Cloud Discovery Services may allow unauthorized access to data when handling XML files. This can lead to sensitive data bein...
Severity: 8.8
XenForo Admin Panel Security Risk: Malicious Admin Can Run Code
CVE-2026-35056
XenForo, a forum software package, has a security risk. An attacker with admin access can run malicious code on the server, which could compromise data and disrupt the forum. Update to the latest version of X...
Severity: 8.7
XenForo 2.3.7 and earlier allows unauthorized method calls
CVE-2025-71281
An attacker could potentially execute unauthorized actions in XenForo by using a template to call a non-public method. This is a security risk because it could allow an attacker to access or modify se...
Severity: 8.7
XenForo 2.3.4 and Earlier: Unauthorized Access to User Data
CVE-2025-71278
If you're using XenForo 2.3.4 or earlier, an unauthorized application can request more access than it's supposed to have, potentially exposing your users' data. This is a serious issue that affects al...
Severity: 8.7
SiYuan Knowledge Management System: SVG Script Execution Risk
CVE-2026-34605
GHSA-73g7-86qr-jrg3
A security issue in SiYuan's icon retrieval feature could allow an attacker to execute malicious code on a user's browser if they view a specially crafted SVG file. This affects versions 3.6.0 to 3.6....
Severity: 8.6
SiYuan prior to 3.6.2 allows malicious documents to inject code
CVE-2026-34585
GHSA-ff66-236v-p4fg
SiYuan users may be at risk of injected code execution if they open a malicious document downloaded from an untrusted source. This can happen when a document contains malicious attributes that bypass ...
Severity: 8.6
Elixir App Crash: Malicious Input Can Exhaust Atom Table
GHSA-jjf9-w5vj-r6vp
CVE-2026-34593
A vulnerability in Elixir's Ash library can cause an Elixir application to crash if an attacker sends a large number of specially crafted requests. This can happen if the application uses Ash to valid...
Severity: 8.2
Mismanaged List Box Calculation Triggers Potential Code Execution
CVE-2026-3779
This vulnerability affects the way the application handles list box calculations, potentially allowing an attacker to execute arbitrary code. This could be exploited by creating a crafted document tha...
Severity: 7.8
Adobe Acrobat Update Service Can Load Malicious Libraries from Untrusted Locations
CVE-2026-3775
The Adobe Acrobat update service can load malicious libraries from certain directories that are accessible to low-privileged users. This could allow an attacker to execute arbitrary code on the system...
Severity: 7.8
IBM Storage Protect Server 8.2.0 allows unauthorized database access
CVE-2025-13855
IBM Storage Protect Server 8.2.0 has a security weakness that lets an attacker, from anywhere, view or change information in the server's database. This could lead to unauthorized access to sensitive ...
Severity: 7.6
XenForo discloses server directory structure with error messages
CVE-2025-71282
XenForo software versions prior to 2.3.7 may reveal sensitive information about the server's directory structure. This could potentially be used by an attacker to gather information that could be used...
Severity: 8.7
xmldom: Attackers can insert malicious XML code in certain cases
GHSA-wh4c-j3r5-mjhp
CVE-2026-34601
A weakness in xmldom allows attackers to inject malicious XML code into text areas, potentially allowing them to manipulate business logic and data. This can happen when attacker-controlled strings co...
Severity: 7.5
Windows Installer Allows Malicious Files to Replace Legitimate System Files
CVE-2026-3780
A weakness in the Windows installer allows a local attacker to replace system files with malicious ones, potentially giving them elevated privileges. This means that if you have a malicious program on...
Severity: 7.3
itsourcecode Payroll Management System 1.0: Remote SQL Injection Risk
CVE-2026-5238
A vulnerability in itsourcecode Payroll Management System 1.0 allows hackers to inject malicious SQL code, potentially stealing sensitive employee data. This can happen when a malicious user manipulat...
Severity: 6.9
OpenClaw gateway incorrectly trusts some executable files
GHSA-p4x4-2r7f-wjxg
A bug in the OpenClaw gateway allows it to trust certain executable files too easily, potentially allowing unauthorized access. This could happen if a user allows an executable once, and it might be u...
Severity: 7.3
OpenClaw gateway allows unintended execution of malicious code
GHSA-p4x4-2r7f-wjxg
A security issue in OpenClaw gateway allows a one-time approval to permanently allow execution of malicious code, potentially weakening security boundaries. This affects OpenClaw gateway users, who sh...
Severity: 7.3
OpenClaw: Malicious Fal Relay Can Fetch Internal URLs
GHSA-qxgf-hmcj-3xw3
A vulnerability in OpenClaw's Fal provider could allow a malicious or compromised relay to access internal URLs and expose sensitive information. This affects users who are running versions of OpenCla...
Severity: 7.3
Signing Invitation Acceptance Vulnerability: Unauthorized Access to Documents
CVE-2026-4947
A flaw in the way signatures are accepted could have allowed attackers to access or modify documents they shouldn't have. This could have led to fake signatures and compromised trust in the signing pr...
Severity: 7.1
@tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions
GHSA-g9c2-gf25-3x67
CVE-2026-34604
Summary: `@tinacms/graphql` uses string-based path containment checks in `FilesystemBridge`: `path.resolve(path.join(baseDir, filepath))` followed by `startsWith(resolvedBase + path.sep)`. That blocks pla...
Severity: 7.1