Exploit Database

146,553 exploits tracked across all sources.

Sort: Activity Stars
CVE-2026-38949 WRITEUP HIGH
HTMLy 3.1.1 - Stored Cross-Site Scripting via Content Creation Endpoint
Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user input, allowing injection of arbitrary code
CVSS 8.9
CVE-2021-40285 WRITEUP HIGH
htmly 2.8.1 - Arbitrary File Deletion via Backup View Component
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php.
CVSS 8.1
CVE-2021-36703 WRITEUP MEDIUM
htmly 2.8.1 - Stored Cross-Site Scripting in Blog Title Field
The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website name.
CVSS 6.1
CVE-2021-36702 WRITEUP MEDIUM
htmly 2.8.1 - Stored Cross-Site Scripting in Regular Post Content Field
The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through special content.
CVSS 6.1
CVE-2021-36701 WRITEUP CRITICAL
htmly <2.8.1 - Privilege Escalation
In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on the local host when delete backup files. The vulnerability may allow a remote attacker to delete arbitrary know files on the host.
CVSS 9.1
CVE-2021-33354 WRITEUP HIGH
htmly < 2.8.1 - Path Traversal and Arbitrary File Deletion via File Parameter
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter.
CVSS 8.1
CVE-2021-30637 WRITEUP MEDIUM
htmly 2.8.0 - Stored Cross-Site Scripting via Blog Title Tagline or Description
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.
CVSS 5.4
CVE-2020-23766 WRITEUP MEDIUM
htmly <2.7.5 - Privilege Escalation
An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges.
CVSS 6.5
CVE-2026-3893 WRITEUP CRITICAL
Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials.
CVSS 9.4
CVE-2026-40560 WRITEUP HIGH
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
CVSS 7.5
CVE-2026-41373 WRITEUP MEDIUM
OpenClaw < 2026.3.31 - Compiler Binary Substitution via Environment Variable Override in Host Execution Policy
OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGO_BUILD_RUSTC, and CMAKE_C_COMPILER via environment overrides. Attackers with approved host-exec requests can override compiler binaries to execute arbitrary code during build processes.
CVSS 6.1
CVE-2026-41374 WRITEUP MEDIUM
OpenClaw < 2026.3.31 - Resource Consumption via Discord Audio Preflight Before Member Authorization
OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger audio preflight processing without member allowlist validation to cause resource exhaustion.
CVSS 5.3
CVE-2026-41375 WRITEUP MEDIUM
OpenClaw < 2026.3.28 - Authorization Bypass in /phone arm and /phone disarm Endpoints
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper administrative privileges.
CVSS 6.5
CVE-2026-41376 WRITEUP MEDIUM
OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation
OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls.
CVSS 5.4
CVE-2026-41377 WRITEUP MEDIUM
OpenClaw < 2026.3.31 - Fail-Open Security Scan Bypass in Plugin Installation
OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings.
CVSS 4.6
CVE-2026-41378 WRITEUP HIGH
OpenClaw < 2026.3.31 - Privilege Escalation to Remote Code Execution via Unrestricted node.event Agent Dispatch
OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escalate privileges by leveraging unrestricted agent.request dispatch to achieve remote code execution on the gateway.
CVSS 8.8
CVE-2026-41379 WRITEUP HIGH
OpenClaw < 2026.3.28 - Privilege Escalation via chat.send to Admin-Class Talk Voice Config
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voice configuration settings intended for administrators only.
CVSS 7.1
CVE-2026-41381 WRITEUP MEDIUM
OpenClaw < 2026.3.31 - Access Control Bypass in Discord Voice Manager via Channel Allowlist
OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers can send Discord voice ingress requests before channel allowlist authorization is performed, gaining unauthorized access to restricted voice channels.
CVSS 5.4
CVE-2026-41382 WRITEUP MEDIUM
OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps
OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to restricted voice channels.
CVSS 5.4
CVE-2026-41383 WRITEUP HIGH
OpenClaw < 2026.4.2 - Arbitrary Remote Directory Deletion via Mis-scoped Mirror Mode Paths
OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirror sync operations to delete unintended remote directory contents and replace them with uploaded workspace data.
CVSS 8.1
CVE-2026-41384 WRITEUP HIGH
OpenClaw < 2026.3.24 - Environment Variable Injection via Workspace Config in CLI Backend
OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables into the backend process spawning, enabling code execution or sensitive data exposure.
CVSS 7.8
CVE-2026-41385 WRITEUP MEDIUM
OpenClaw < 2026.3.31 - Nostr Private Key Exposure via config.get Redaction Bypass
OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in configuration, allowing exposure through config.get method calls that bypass redaction mechanisms. Attackers can retrieve unredacted configuration data to obtain plaintext signing keys used for Nostr protocol operations.
CVSS 6.5
CVE-2026-41386 WRITEUP CRITICAL
OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope.
CVSS 9.1
CVE-2026-41388 WRITEUP MEDIUM
OpenClaw < 2026.3.31 - Configuration Rehydration via Empty-Array Revocation Handling
OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settings as missing values. Attackers can restart the application to rehydrate revoked Tlon configuration from file state, bypassing intended revocation controls.
CVSS 6.5
CVE-2026-41391 WRITEUP MEDIUM
OpenClaw < 2026.3.31 - Environment Variable Bypass in Package Index URL Handling
OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution contexts, allowing attackers to redirect Python package-index traffic. Attackers can exploit this bypass to intercept or manipulate package management operations by injecting malicious index URLs through unsanitized environment variables.
CVSS 5.3