| # | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 1281 | 5.9 | MEDIUM | Network | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Mini Ajax Cart for WooCommerce allows Stored XSS. This issue affects Mini Ajax Cart for… | CWE-79 Cross-site Scripting | CVE-2026-6370 | 2026-04-16 02:17 | 2026-04-16 |
| 1282 | 7.6 | HIGH | Network | - | - | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Lovers WCFM Marketplace allows SQL Injection. This issue affects WCFM Marketplace: from n/a thr… | CWE-89 SQL Injection | CVE-2025-63029 | 2026-04-16 02:17 | 2026-04-16 |
| 1283 | 6.5 | MEDIUM | Network | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emarket-design YouTube Showcase allows Stored XSS. This issue affects YouTube Showcase: from n/a t… | CWE-79 Cross-site Scripting | CVE-2025-15636 | 2026-04-16 02:17 | 2026-04-16 |
| 1284 | 4.3 | MEDIUM | Network | - | - | Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover allows Cross Site Request Forgery. This issue affects Smart Online Order for Clover: from n/a through 1.6.0. | CWE-352 Origin Validation Error | CVE-2025-15635 | 2026-04-16 02:17 | 2026-04-16 |
| 1285 | 7.8 | HIGH | Local | openclaw | openclaw | OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers w… | CWE-61 UNIX Symbolic Link (Symlink) Following | CVE-2026-35632 | 2026-04-16 02:09 | 2026-04-10 |
| 1286 | 5.3 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allows attackers to trigger excessive memory consumption. Attackers can send c… | CWE-789 Memory Allocation with Excessive Size Value; CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-35633 | 2026-04-16 02:02 | 2026-04-10 |
| 1287 | 6.5 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook pat… | CWE-706 Use of Incorrectly-Resolved Name or Reference; CWE-863 Incorrect Authorization | CVE-2026-35635 | 2026-04-16 02:00 | 2026-04-10 |
| 1288 | 7.3 | HIGH | Network | openclaw | openclaw | OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit t… | CWE-696 Incorrect Behavior Order | CVE-2026-35637 | 2026-04-16 01:53 | 2026-04-10 |
| 1289 | 8.8 | HIGH | Network | openclaw | openclaw | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verifi… | CWE-286 Incorrect User Management | CVE-2026-35638 | 2026-04-16 01:52 | 2026-04-10 |
| 1290 | 8.8 | HIGH | Network | openclaw | openclaw | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader oper… | CWE-648 Incorrect Use of Privileged APIs | CVE-2026-35639 | 2026-04-16 01:51 | 2026-04-10 |