CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-32305 - Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through
CVE-2026-25792 - Greenshot is an open source Windows screenshot utility. Versions 1.3.312 and below have untrusted ex
CVE-2026-33130 - Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fi
CVE-2026-33129 - H3 is a minimal H(TTP) framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Cha
CVE-2026-33128 - H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14,
CVE-2026-33125 - Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In ve
CVE-2026-33124 - Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Versi
CVE-2026-33123 - pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker t
CVE-2026-33081 - PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Vers
CVE-2026-22324 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-0677 - Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite totalcontest-lite al
CVE-2024-32537 - Cross-Site request forgery (CSRF) vulnerability in joshuae1974 Flash Video Player allows Cross Site
CVE-2024-31119 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i
CVE-2026-3550 - The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and
CVE-2026-33192 - Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In
CVE-2026-33080 - Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.
CVE-2026-33075 - FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.
CVE-2026-33072 - FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded
CVE-2026-33071 - FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV u
CVE-2026-33070 - FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-au
CVE-2026-33069 - PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and bel
CVE-2026-33068 - Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from se
CVE-2026-33067 - SiYuan is a personal knowledge management system. Versions 3.6.0 and below render package metadata f
CVE-2026-33066 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREA
CVE-2026-32701 - Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arr
CVE-2026-2432 - The CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress is vulner
CVE-2026-2421 - The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in al
CVE-2026-27625 - Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In v
CVE-2026-23278 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always wa
CVE-2026-23277 - In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL point
CVE-2026-23276 - In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit t
CVE-2026-23275 - In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is
CVE-2026-23274 - In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject
CVE-2026-23273 - In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace p
CVE-2026-23272 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditi
CVE-2026-23271 - In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow
CVE-2026-33191 - Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Ver
CVE-2026-33065 - Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In
CVE-2026-33064 - Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Ver
CVE-2026-33061 - Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa0405
CVE-2026-33060 - CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tool
CVE-2026-33057 - Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2
CVE-2026-33056 - tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacki
CVE-2026-33022 - Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions
CVE-2026-4478 - A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts
CVE-2026-4477 - A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This affects
CVE-2026-4476 - A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The impacted eleme
CVE-2026-4475 - A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected
CVE-2026-4474 - A flaw has been found in itsourcecode University Management System 1.0. Impacted is an unknown funct
CVE-2026-33055 - tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional
CVE-2026-33054 - Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and
CVE-2026-33053 - Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to
CVE-2026-4473 - A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affect
CVE-2026-33051 - Craft CMS is a content management system (CMS). In versions 5.9.0-beta.1 through 5.9.10, the revisio
CVE-2026-33043 - WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json
CVE-2026-33041 - WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.
CVE-2026-33040 - libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions
CVE-2026-33039 - WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy
CVE-2026-33038 - WWBN AVideo is an open source video platform. Versions 25.0 and below are vulnerable to unauthentica
CVE-2026-33037 - WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deploy
CVE-2026-33036 - fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callback
CVE-2026-32768 - Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versi
CVE-2026-4472 - A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0.
CVE-2026-4471 - A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects
CVE-2026-4470 - A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affecte
CVE-2026-4469 - A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by
CVE-2026-33035 - WWBN AVideo is an open source video platform. In versions 25.0 and below, there is a reflected XSS v
CVE-2026-33025 - AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQL Injection vulnerability in t
CVE-2026-33024 - AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Server-Side Request Forgery vuln
CVE-2026-33017 - Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to
CVE-2026-33013 - Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily t
CVE-2026-33012 - Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily t
CVE-2026-33011 - Nest is a framework for building scalable Node.js server-side applications. In versions 11.1.15 and
CVE-2026-32954 - ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.
CVE-2026-32953 - Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a c
CVE-2026-32950 - SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior t
CVE-2026-32949 - SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior t
CVE-2026-32947 - Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versio
CVE-2026-4468 - A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the f
CVE-2026-4136 - The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect
CVE-2026-4038 - The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privi
CVE-2026-32946 - Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versio
CVE-2026-32945 - PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and bel
CVE-2026-32942 - PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and bel
CVE-2026-32941 - Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and
CVE-2026-32940 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an in
CVE-2026-32939 - DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsi
CVE-2026-32938 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2Bl
CVE-2026-32114 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-4467 - A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file
CVE-2026-33063 - free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has an Improper Nu
CVE-2026-33062 - free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input
CVE-2026-32937 - free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds s
CVE-2026-32935 - phpseclib is a PHP secure communications library. Projects using versions 1.0.26 and below, 2.0.0 th
CVE-2026-32933 - AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 a
CVE-2026-32891 - Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items a
CVE-2026-32890 - Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items a
CVE-2026-32889 - tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who ca
CVE-2026-32888 - Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter
CVE-2026-31869 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-31805 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-30891 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-30889 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-30888 - Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-21992 - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST We
CVE-2026-4466 - A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the
CVE-2026-4465 - A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the fil
CVE-2026-4464 - Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to pote
CVE-2026-4463 - Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to
CVE-2026-4462 - Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to pe
CVE-2026-4461 - Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacke
CVE-2026-4460 - Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to per
CVE-2026-4459 - Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote a
CVE-2026-4458 - Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convin
CVE-2026-4457 - Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potential
CVE-2026-4456 - Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote
CVE-2026-4455 - Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to
CVE-2026-4454 - Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to pote
CVE-2026-4453 - Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker t
CVE-2026-4452 - Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attac
CVE-2026-4451 - Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 al
CVE-2026-4450 - Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to pote
CVE-2026-4449 - Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potent
CVE-2026-4448 - Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to
CVE-2026-4447 - Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacke
CVE-2026-4446 - Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to poten
CVE-2026-4445 - Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to poten
CVE-2026-4444 - Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker t
CVE-2026-4443 - Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker
CVE-2026-4442 - Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to po
CVE-2026-4441 - Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potenti
CVE-2026-4440 - Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote atta
CVE-2026-4439 - Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a r
CVE-2026-32881 - ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to
CVE-2026-32880 - ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to
CVE-2026-32875 - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versio
CVE-2026-32874 - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versio
CVE-2026-32873 - ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug in the handle_trailers functio
CVE-2026-32817 - Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the documents a
CVE-2026-32813 - Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbit
CVE-2026-32812 - Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, unrestricted UR
CVE-2026-32811 - Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heim
CVE-2026-32808 - pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 a
CVE-2026-32711 - pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are
CVE-2026-32829 - lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and belo
CVE-2026-32828 - Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.
CVE-2026-32771 - The CTFer.io Monitoring component is in charge of the collection, process and storage of various sig
CVE-2026-32769 - Fullchain is an umbrella project for deploying a ready-to-use CTF platform. In versions prior to 0.
CVE-2026-32767 - SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization
CVE-2026-33289 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-33288 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-32985 - Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vul
CVE-2026-32766 - astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earl
CVE-2026-32765 - Rejected reason: This repository is no longer public.
CVE-2026-32764 - Rejected reason: This repository is no longer public.
CVE-2026-32763 - Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL i
CVE-2026-32761 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing
CVE-2026-32760 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing
CVE-2026-32759 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing
CVE-2026-32758 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing
CVE-2026-32757 - Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send hand
CVE-2026-32756 - Admidio is an open-source user management solution. Versions 5.0.6 and below contain a critical unre
CVE-2026-32697 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29189 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29109 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29108 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-22737 - Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring We
CVE-2026-22735 - Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Event
CVE-2026-22733 - Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability
CVE-2026-3948 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-33408 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-33395 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-32818 - Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the forum modul
CVE-2026-32816 - Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, act
CVE-2026-32755 - Admidio is an open-source user management solution. In versions 5.0.6 and below, the save_membership
CVE-2026-32721 - LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a s
CVE-2026-30874 - OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6
CVE-2026-29107 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29106 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29105 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29104 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29103 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29102 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29101 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29100 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29099 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29098 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29097 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29096 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-22732 - When applications specify HTTP response headers for servlet applications using Spring Security, ther
CVE-2026-22731 - Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability
CVE-2026-4342 - A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be u
CVE-2026-4159 - 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerabil
CVE-2026-33410 - Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-33394 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-33393 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-33355 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-32815 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the WebSocket endpoin
CVE-2026-32754 - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208
CVE-2026-32753 - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.2
CVE-2026-32752 - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.2
CVE-2026-32751 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the mobile file tree
CVE-2026-32750 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/impo
CVE-2026-32194 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Bin
CVE-2026-32099 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-32041 - OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during s
CVE-2026-32040 - OpenClaw versions prior to 2026.2.23 contain an html injection vulnerability in the HTML session exp
CVE-2026-32039 - OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the toolsBySen
CVE-2026-32038 - OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trus
CVE-2026-32037 - OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configure
CVE-2026-32036 - OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allo
CVE-2026-32035 - OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voic
CVE-2026-32034 - OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control U
CVE-2026-32033 - OpenClaw versions prior to 2026.2.24 contain a path traversal vulnerability where @-prefixed absolut
CVE-2026-32032 - OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execution vulnerability in shell env
CVE-2026-32031 - OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in
CVE-2026-32030 - OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia
CVE-2026-32029 - OpenClaw versions prior to 2026.2.21 improperly parse the left-most X-Forwarded-For header value whe
CVE-2026-32028 - OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on
CVE-2026-32027 - OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-
CVE-2026-32026 - OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox me
CVE-2026-32025 - OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSo
CVE-2026-32024 - OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling th
CVE-2026-32023 - OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in system.run a
CVE-2026-32022 - OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep to
CVE-2026-32021 - OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu all
CVE-2026-32020 - OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handl
CVE-2026-32019 - OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isP
CVE-2026-32018 - OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegi
CVE-2026-32017 - OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins
CVE-2026-32016 - OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the
CVE-2026-32015 - OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.
CVE-2026-32014 - OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platf
CVE-2026-32013 - OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.g
CVE-2026-32011 - OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in webhook handlers fo
CVE-2026-32010 - OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin confi
CVE-2026-32009 - OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist
CVE-2026-32008 - OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the
CVE-2026-32007 - OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental appl
CVE-2026-32006 - OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-
CVE-2026-32005 - OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive cal
CVE-2026-32004 - OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/chann
CVE-2026-32003 - OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the
CVE-2026-32002 - OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image t
CVE-2026-32001 - OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clie
CVE-2026-30873 - OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24
CVE-2026-30872 - OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6
CVE-2026-30871 - OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6
CVE-2026-29072 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-28282 - Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and