CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-5186 - A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_
CVE-2026-5185 - A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi
CVE-2026-5184 - A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown
CVE-2026-3881 - The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a
CVE-2026-5183 - A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the functio
CVE-2026-5182 - A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown functi
CVE-2026-34881 - OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Fo
CVE-2026-1877 - The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers
CVE-2026-1834 - The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scrip
CVE-2026-5181 - A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This i
CVE-2026-5180 - A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability af
CVE-2026-5179 - A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1.0. This affects a
CVE-2026-4146 - The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘upd
CVE-2026-1797 - The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sens
CVE-2026-1710 - The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized
CVE-2026-5178 - A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by th
CVE-2026-5177 - A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerabi
CVE-2026-34073 - cryptography is a package designed to expose cryptographic primitives and recipes to Python develope
CVE-2026-34070 - LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22,
CVE-2026-34060 - Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp ve
CVE-2026-34054 - vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg's Windows bui
CVE-2026-34043 - Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to
CVE-2026-34042 - act is a project which allows for local running of github actions. Prior to version 0.2.86, act's bu
CVE-2026-34041 - act is a project which allows for local running of github actions. Prior to version 0.2.86, act unco
CVE-2026-34040 - Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has be
CVE-2026-34036 - Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) softwar
CVE-2026-33997 - Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has be
CVE-2026-32727 - SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enf
CVE-2026-32716 - SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enf
CVE-2026-32714 - SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Key
CVE-2026-5176 - A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the funct
CVE-2026-4020 - The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all version
CVE-2026-3300 - The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injec
CVE-2026-5115 - The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable
CVE-2026-4794 - Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authentic
CVE-2026-32734 - baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-si
CVE-2026-30940 - baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability
CVE-2026-30880 - baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command inje
CVE-2026-30879 - baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scrip
CVE-2026-30878 - baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API al
CVE-2026-30877 - baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injectio
CVE-2026-27697 - baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vu
CVE-2026-21861 - baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command
CVE-2025-32957 - baserCMS is a website development framework. Prior to version 5.2.3, the application's restore funct
CVE-2026-5157 - A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unkn
CVE-2026-5156 - A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of th
CVE-2026-5155 - A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file
CVE-2026-5154 - A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function from
CVE-2026-5130 - The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escal
CVE-2026-5153 - A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of
CVE-2026-4257 - The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (
CVE-2026-33995 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-f
CVE-2026-33987 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persist
CVE-2026-33986 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ens
CVE-2026-33985 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data
CVE-2026-33984 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_
CVE-2026-33983 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressiv
CVE-2026-33982 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a
CVE-2026-33977 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a maliciou
CVE-2026-33952 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalid
CVE-2026-32794 - Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider co
CVE-2026-5152 - A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of t
CVE-2026-4789 - Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions.
CVE-2026-34558 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w
CVE-2026-34557 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w
CVE-2026-32884 - Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certific
CVE-2026-32883 - Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path v
CVE-2026-32877 - Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decrypt
CVE-2026-32696 - NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, afte
CVE-2026-31946 - OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and comm
CVE-2026-30313 - DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability tha
CVE-2026-30308 - In its design for automatic terminal command execution, HAI Build Code Generator offers two options:
CVE-2026-30306 - In its design for automatic terminal command execution, SakaDev offers two options: Execute safe com
CVE-2026-28228 - OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and comm
CVE-2026-27599 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w
CVE-2026-27018 - Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for
CVE-2026-25627 - NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoM
CVE-2026-5150 - A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affect
CVE-2026-5148 - A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unkno
CVE-2026-33026 - Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui back
CVE-2026-32275 - Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 t
CVE-2026-31831 - Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17
CVE-2026-31804 - Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17
CVE-2026-31799 - Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 t
CVE-2026-30307 - Roo Code's command auto-approval module contains a critical OS command injection vulnerability that
CVE-2026-30305 - Syntx's command auto-approval module contains a critical OS command injection vulnerability that ren
CVE-2026-28505 - Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17
CVE-2026-21717 - A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric va
CVE-2026-21716 - An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the pro
CVE-2026-21715 - A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without
CVE-2026-21714 - A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0
CVE-2026-21713 - A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provide
CVE-2026-21711 - A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operat
CVE-2026-21710 - A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received wi
CVE-2026-5147 - A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown par
CVE-2026-3991 - Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1
CVE-2026-3502 - TrueConf Client downloads application update code and applies it without performing verification. An
CVE-2026-34714 - Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in th
CVE-2026-29925 - Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckData
CVE-2026-29924 - Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload fu
CVE-2026-5126 - A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function
CVE-2026-5125 - A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is
CVE-2026-4046 - The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion fa
CVE-2026-33032 - Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui
CVE-2026-33030 - Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI con
CVE-2026-33029 - Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validati
CVE-2026-33028 - Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui appl
CVE-2026-33027 - Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui conf
CVE-2026-30077 - OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures res
CVE-2026-29872 - A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commi
CVE-2025-66215 - OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with
CVE-2025-66038 - OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_fin
CVE-2025-66037 - OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted
CVE-2025-49010 - OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with
CVE-2026-5124 - A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHe
CVE-2026-29954 - In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerabilit
CVE-2026-29909 - MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management
CVE-2026-27508 - Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerab
CVE-2026-26352 - Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerabili
CVE-2026-5170 - A user with access to the cluster with a limited set of privilege actions can trigger a crash of a m
CVE-2026-5123 - A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes
CVE-2026-34472 - Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.
CVE-2026-33643 - SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert
CVE-2026-30562 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2026-30561 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2026-30560 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2026-30559 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2026-30558 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2026-30557 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2026-30556 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2026-2287 - CrewAI does not properly check that Docker is still running during runtime, and will fall back to a
CVE-2026-2286 - CrewAI contains a server-side request forgery vulnerability that enables content acquisition from in
CVE-2026-2285 - CrewAI contains an arbitrary local file read vulnerability in the JSON loader tool that reads files w
CVE-2026-2275 - The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can e
CVE-2026-29953 - SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert func
CVE-2026-29597 - Incorrect access control in the file_details.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allo
CVE-2026-21712 - A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is c
CVE-2026-5165 - A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device u
CVE-2026-5164 - A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number o
CVE-2026-5122 - A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromB
CVE-2026-33373 - An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (C
CVE-2026-30566 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2026-30565 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2026-30564 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2026-30563 - A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Syste
CVE-2026-30082 - Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Packa
CVE-2026-3321 - A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/an
CVE-2026-28528 - BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP
CVE-2026-28527 - BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP
CVE-2026-28526 - BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP
CVE-2026-4315 - A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a
CVE-2026-4266 - An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obta
CVE-2026-4425 - Rejected reason: Reserved for EastLink case, but no need for CVE anymore
CVE-2019-25655 - Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local a
CVE-2019-25654 - Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the
CVE-2019-25653 - Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to
CVE-2018-25235 - NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Se
CVE-2018-25234 - SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to
CVE-2018-25233 - WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash
CVE-2018-25232 - Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to
CVE-2018-25231 - HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash
CVE-2018-25230 - Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash t
CVE-2018-25229 - BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configurat
CVE-2018-25228 - NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local
CVE-2018-25227 - Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to cra
CVE-2018-25226 - FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash t
CVE-2026-1612 - AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to acces
CVE-2026-5128 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-5121 - A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the z
CVE-2026-4416 - The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnera
CVE-2026-4415 - Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pa
CVE-2026-3945 - An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to an
CVE-2026-2328 - An unauthenticated remote attacker can exploit insufficient input validation to access backend compo
CVE-2026-25704 - A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerabili
CVE-2025-3716 - User enumeration in ESET Protect (on-prem) via Response Timing.
CVE-2025-15379 - A command injection vulnerability exists in MLflow's model serving container initialization code, sp
CVE-2026-5119 - A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensit
CVE-2026-5107 - A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type
CVE-2026-5106 - A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown
CVE-2026-5105 - A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the
CVE-2026-5104 - A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is th
CVE-2026-5103 - A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the fun
CVE-2026-3124 - The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all v
CVE-2025-15036 - A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/py
CVE-2026-5102 - A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability af
CVE-2026-2370 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9
CVE-2025-7741 - Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded pa
CVE-2026-5101 - A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function
CVE-2026-4176 - Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9
CVE-2026-4946 - Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically e
CVE-2026-0562 - A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated u
CVE-2026-0560 - A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0
CVE-2026-0558 - A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users
CVE-2026-34005 - In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injec
CVE-2026-5046 - A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the
CVE-2026-5045 - A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet o
CVE-2026-5044 - A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function form
CVE-2026-33575 - OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup cod
CVE-2026-33574 - OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer th
CVE-2026-33573 - OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC th
CVE-2026-33572 - OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissio
CVE-2026-32987 - OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verifica
CVE-2026-32980 - OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-
CVE-2026-32979 - OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute
CVE-2026-32978 - OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fa
CVE-2026-32975 - OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode tha
CVE-2026-32974 - OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode whe
CVE-2026-32973 - OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlist
CVE-2026-32972 - OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated oper
CVE-2026-32924 - OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction event
CVE-2026-32923 - OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction i
CVE-2026-32922 - OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that
CVE-2026-32919 - OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped calle
CVE-2026-32918 - OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool
CVE-2026-32915 - OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents t
CVE-2026-32914 - OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /
CVE-2026-23400 - In the Linux kernel, the following vulnerability has been resolved: rust_binder: call set_notificat
CVE-2026-5043 - A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formS
CVE-2026-5042 - A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function
CVE-2026-5041 - A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0
CVE-2026-5037 - A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of th
CVE-2026-5036 - A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhc
CVE-2026-5035 - A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part
CVE-2026-5034 - A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown
CVE-2026-5033 - A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability
CVE-2026-5031 - A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown func
CVE-2026-5030 - A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the fun
CVE-2026-5024 - A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of th
CVE-2026-5023 - A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275
CVE-2026-5021 - A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the fi
CVE-2026-2602 - The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImage
CVE-2026-5020 - A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is th
CVE-2026-4851 - GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserializa
CVE-2026-5019 - A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected b
CVE-2026-5018 - A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown
CVE-2026-5017 - A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an u
CVE-2026-5016 - A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of th
CVE-2026-5015 - A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown fun
CVE-2026-5014 - A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.j
CVE-2026-5013 - A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join of
CVE-2026-5012 - A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the f
CVE-2026-5011 - A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function
CVE-2026-5007 - A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRep
CVE-2026-3256 - HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HT
CVE-2025-15604 - Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functi
CVE-2026-5004 - A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC
CVE-2026-5003 - A vulnerability was found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054.
CVE-2026-5002 - A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b
CVE-2026-5001 - A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The
CVE-2026-5000 - A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b05