CVE-2021-40849

Same vendor

• CVE-2021-40848 — In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could int... (7.8 HIGH)
• CVE-2021-43266 — In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell meta... (7.3 HIGH)
• CVE-2021-43265 — In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element (5.4 MEDIUM)
• CVE-2021-43264 — In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass t... (3.3 LOW)

Same CWE

• CVE-2026-53843 — OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish... (8.8 HIGH)
• CVE-2026-53776 — Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the u... (9.1 CRITICAL)
• CVE-2026-44188 — A flaw was found in Ansible Lightspeed (5.3 MEDIUM)
• CVE-2026-53830 — OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secr... (6.5 MEDIUM)
• CVE-2026-53824 — OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing comm... (6.5 MEDIUM)