CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the Anchor block in versions up to and including 2.0.9 due to insufficient input sanitization and output escaping.
The Pagelayer plugin for WordPress is vulnerable to incorrect authorization in all versions up to 2.0.9. This allows attackers with Contributor-level access and above to configure arbitrary contact form templates that can be used through unauthenticated form submissions.
The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'custom_attribute_key' shortcode parameter in versions up to and including 3.1.31. This is due to an incomplete JavaScript event handler blacklist in the foogallery_sanitize_javascript() function.
A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A local user can inject arbitrary content into the journal output by embedding newline characters in syslog messages, controlling the content that root writes to dump directory files.
The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 3.3.19. The issue arises from the combine_current_css() function improperly processing <link rel="stylesheet" href="..."> values, allowing for arbitrary file reads.
A vulnerability in Allegra allows remote attackers to execute arbitrary scripts on affected installations via the downloadAttachment method. User interaction is required to exploit this vulnerability, meaning the victim must visit a malicious page or open a malicious file.
The vulnerability in Allegra's exportReport method allows remote attackers to disclose sensitive information. Authentication is required to exploit this vulnerability.
MISP has an authorization flaw in object add/edit handling that allows an authenticated user with object editing permissions to assign a MISP object or its attributes to a sharing group that the user is not authorized to use. The sharing group validation is performed against the wrong data structure, allowing the check to be bypassed.
Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs.
OpenClaw before version 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoints.
OpenClaw before version 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls.
OpenClaw before version 2026.4.22 contains a webhook secret revocation bypass vulnerability, allowing old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation.
OpenClaw before version 2026.5.2 contains a credential exposure vulnerability in message.action forwarding, allowing action payloads with Gateway credentials to be forwarded to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by providing malicious loopback targets through model-controlled action metadata.
OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context.
OpenClaw before version 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file paths to import file content into wiki memory, bypassing access restrictions.
OpenClaw before version 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token revocation.
OpenClaw before version 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions.
Nezha Monitoring versions from 1.0.0 to before 2.2.0 have a vulnerability in the getRedirectURL function that constructs the OAuth2 callback URL without validating the Host header. This can lead to host header injection.
Nezha Monitoring versions from 1.0.0 to before 2.2.0 have a vulnerability that allows the creation of long-lived WebSocket streams without limits. Two endpoints, POST /api/v1/terminal and POST /api/v1/file, lack user rate limits and server connection caps.
Nezha Monitoring versions from 2.0.14 to before 2.1.0 allows accepting and persisting nonexistent ddns_profiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, it can lead to the use of the other user's DDNS profile configuration in the context of the attacker's server.

