March 2026 (30)
OpenClaw Approval Integrity Vulnerability Leads to Code Execution (CVE-2026-32971)
2 rules, 1 TTP, 1 CVE
OpenClaw before 2026.3.11 exhibits an approval-integrity vulnerability where attackers can place wrapper binaries to execute local code after operators approve misleading command text, due to the system displaying extracted shell payloads instead of the actual executed arguments.
Query Monitor WordPress Plugin Vulnerable to Reflected XSS (CVE-2026-4267)
2 rules, 1 TTP, 1 CVE
The Query Monitor WordPress plugin is vulnerable to reflected cross-site scripting (XSS) due to insufficient input sanitization and output escaping of the `$_SERVER['REQUEST_URI']` parameter, allowing unauthenticated attackers to inject arbitrary web scripts.
SQL Injection Vulnerability in Student Membership System 1.0
2 rules, 1 TTP, 1 CVE
CVE-2026-5198 is a SQL injection vulnerability in the Admin Login component of code-projects Student Membership System 1.0, affecting the /admin/index.php file, enabling remote exploitation through manipulation of username/password parameters.
OpenClaw Microsoft Teams Plugin Sender Allowlist Bypass (CVE-2026-34506)
2 rules, 2 TTPs, 1 CVE
OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin, allowing unauthorized senders to bypass intended authorization checks due to improper handling of empty groupAllowFrom parameters, potentially leading to information disclosure.
OpenClaw Webhook Rate Limit Bypass Vulnerability (CVE-2026-34505)
2 rules, 1 TTP, 1 CVE
OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets, leading to forged webhook submission.
OpenClaw Information Disclosure via Telegram Bot Token Exposure
2 rules, 1 CVE
OpenClaw before version 2026.3.13 exposes Telegram bot tokens in error messages due to the fetchRemoteMedia function embedding these tokens in MediaFetchError strings when media downloads fail.
OpenClaw Remote Command Injection via iMessage Attachment Staging (CVE-2026-32917)
2 rules, 1 TTP, 1 CVE
OpenClaw before 2026.3.13 is vulnerable to remote command injection via unsanitized iMessage attachment paths passed to the SCP remote operand, allowing attackers to execute arbitrary commands on configured remote hosts when remote attachment staging is enabled.
Citrix NetScaler ADC and Gateway CVE-2026-3055 Exploitation
2 rules, 3 TTPs
Threat actors are actively exploiting CVE-2026-3055, a critical memory overread vulnerability in Citrix NetScaler ADC and NetScaler Gateway appliances configured as a SAML identity provider (IDP), to extract sensitive information, including authenticated administrative session IDs, potentially leading to full system takeover.
code-projects Student Membership System SQL Injection Vulnerability (CVE-2026-5195)
2 rules, 1 TTP, 1 CVE
A remote SQL injection vulnerability exists in the User Registration Handler component of code-projects Student Membership System 1.0, exploitable through manipulation of input.
DELMIA Factory Resource Manager Stored XSS Vulnerability (CVE-2025-10553)
2 rules, 1 TTP, 1 CVE
A stored cross-site scripting (XSS) vulnerability in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x (CVE-2025-10553) allows attackers to execute arbitrary script code within a user's browser session.
DELMIA Factory Resource Manager Path Traversal Vulnerability (CVE-2025-10559)
2 rules, 1 TTP, 1 CVE
CVE-2025-10559 is a path traversal vulnerability in DELMIA Factory Resource Manager, affecting versions 3DEXPERIENCE R2023x through R2025x, which allows an attacker with low privileges to read or write files in specific directories on the server, potentially leading to information disclosure or code execution.
ENOVIA Collaborative Industry Innovator Stored XSS Vulnerability (CVE-2025-10551)
2 rules, 1 TTP, 1 CVE
A stored cross-site scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows an attacker to execute arbitrary script code in a user's browser session by injecting malicious code into document management functions.
ImageMagick Multiple Vulnerabilities Leading to DoS, Code Execution, or Data Manipulation
2 rules, 1 TTP
Multiple vulnerabilities in ImageMagick could allow an attacker to perform a denial of service attack, execute arbitrary code, or manipulate data.
Compromised trivy-action GitHub Action Leads to Credential Theft
2 rules, 1 TTP
The trivy-action GitHub Action was compromised via git tag repointing, where 76 of 77 release tags were retroactively poisoned, leading to a multi-stage credential theft operation discovered following a spike in script execution detections on Linux runners.
Compromised trivy-action GitHub Action Leads to Credential Theft
2 rules, 1 TTP
The aquasecurity/trivy-action GitHub Action was compromised via git tag repointing, injecting malicious code into the entrypoint.sh script to steal credentials from CI/CD pipelines before executing the legitimate Trivy scanner.
Compromised trivy-action GitHub Action Leads to Credential Theft
2 rules, 2 TTPs
The trivy-action GitHub Action, a widely used vulnerability scanner in CI/CD pipelines, was compromised via git tag repointing to inject a multi-stage credential stealer, affecting 76 of 77 release tags.
SQL Injection Vulnerability in SourceCodester Simple Doctors Appointment System 1.0 (CVE-2026-5180)
2 rules, 1 TTP, 1 CVE
A SQL injection vulnerability (CVE-2026-5180) exists in SourceCodester Simple Doctors Appointment System 1.0, allowing remote attackers to execute arbitrary SQL commands by manipulating the 'email' parameter in the /admin/ajax.php?action=login2 endpoint.
SQL Injection Vulnerability in SourceCodester Simple Doctors Appointment System 1.0 (CVE-2026-5179)
2 rules, 1 TTP, 1 CVE
A SQL injection vulnerability (CVE-2026-5179) exists in SourceCodester Simple Doctors Appointment System 1.0, allowing remote attackers to execute arbitrary SQL commands by manipulating the Username argument in the /admin/login.php file, with a public exploit available.
vcpkg OpenSSL Windows Build Path Vulnerability (CVE-2026-34054)
2 rules, 2 TTPs, 1 CVE
A vulnerability exists in vcpkg versions prior to 3.6.1#3, where Windows builds of OpenSSL set openssldir to a path on the build machine, making that path vulnerable to attack on customer machines.
SciTokens Authorization Bypass Vulnerability (CVE-2026-32716)
2 rules, 1 TTP, 1 CVE
SciTokens versions prior to 1.9.6 incorrectly validate scope paths using a prefix match, leading to an authorization bypass vulnerability where a token with access to a specific path can access sibling paths with the same prefix.
act Project Cache Poisoning Vulnerability Leads to Potential RCE
2 rules, 1 TTP, 1 CVE
A vulnerability in versions prior to 0.2.86 of the act project allows remote attackers to create arbitrary caches, potentially leading to remote code execution within Docker containers by poisoning predicted cache keys.
Moby Authorization Plugin Bypass Vulnerability (CVE-2026-34040)
2 rules, 2 TTPs, 1 CVE
A security vulnerability in Moby (prior to v29.3.1) allows attackers to bypass authorization plugins, potentially leading to unauthorized container access and privilege escalation.
SciTokens Library Path Traversal Vulnerability (CVE-2026-32727)
2 rules, 1 TTP, 1 CVE
A path traversal vulnerability (CVE-2026-32727) in SciTokens library versions prior to 1.9.7 allows attackers to bypass intended directory restrictions using dot-dot sequences in the scope claim of a token due to improper path normalization.
SciTokens KeyCache SQL Injection Vulnerability (CVE-2026-32714)
2 rules, 3 TTPs, 1 CVE
A SQL injection vulnerability exists in SciTokens versions before 1.9.6, allowing attackers to execute arbitrary SQL commands via the KeyCache class by manipulating user-supplied data used in SQL query construction.
Totolink A3300R Command Injection Vulnerability (CVE-2026-5176)
2 rules, 1 TTP, 1 CVE
A command injection vulnerability (CVE-2026-5176) exists in the setSyslogCfg function of the Totolink A3300R router version 17.0.0cu.557_b20221024, allowing remote attackers to execute arbitrary commands by manipulating arguments in the /cgi-bin/cstecgi.cgi file.
baserCMS OS Command Injection Vulnerability (CVE-2026-21861)
2 rules, 1 TTP, 1 CVE
baserCMS versions prior to 5.2.3 are vulnerable to OS command injection, allowing an authenticated administrator to execute arbitrary commands on the server via maliciously crafted input to the core update functionality.
baserCMS DOM-Based Cross-Site Scripting Vulnerability (CVE-2026-32734)
2 rules, 1 TTP, 1 CVE
baserCMS versions prior to 5.2.3 are vulnerable to DOM-based cross-site scripting (XSS) due to improper neutralization of input during web page generation, potentially allowing a remote attacker to execute arbitrary JavaScript in a user's browser.
baserCMS OS Command Injection Vulnerability (CVE-2026-30877)
2 rules, 1 TTP, 1 CVE
baserCMS prior to version 5.2.3 contains an OS command injection vulnerability in the update functionality, allowing authenticated administrators to execute arbitrary OS commands on the server.
baserCMS Pre-Auth Arbitrary Code Execution via Zip Upload (CVE-2025-32957)
2 rules, 6 TTPs, 1 CVE
baserCMS versions prior to 5.2.3 are vulnerable to arbitrary code execution via a crafted zip file upload through the restore function, leading to unauthenticated remote command execution on the webserver.
Tenda CH22 Router Stack-Based Buffer Overflow Vulnerability
2 rules, 1 TTP, 1 CVE
A stack-based buffer overflow vulnerability exists in Tenda CH22 1.0.0.1 via manipulation of the `mit_linktype` argument in the `/goform/QuickIndex` endpoint, potentially enabling remote code execution.