CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-28499 LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping doesn't work correctly when a template prints a collection (Array / Dictionary) via `#(value)`. This... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27545 OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writab... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27524 OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in runtime /debug set override object values, allowing prototype pollution attacks. Authorized /debug set callers can inject __proto... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-27523 OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existen... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27522 OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from loca... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22217 OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-22181 OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured... | 7.6 | HIGH | β | 0 |
| CVE-2026-22180 OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-22179 OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper par... | 7.2 | HIGH | β | 0 |
| CVE-2026-22178 OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22177 OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODE... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-22175 OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers lik... | 7.1 | HIGH | β | 0 |
| CVE-2026-22174 OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces, allowing local processes to capture the Gateway authentication token... | 6.8 | MEDIUM | β | 0 |
| CVE-2026-22171 OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensio... | 8.2 | HIGH | β | 0 |
| CVE-2026-22170 OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control bypass vulnerability where empty allowFrom configuration causes dmPolicy pairing and allowlist restr... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22169 OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When ... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-22168 OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c whi... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-29057 Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-28674 xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the `AdminPaymentPluginUpload` endpoint lets admins upload any file to... | 7.2 | HIGH | β | 0 |
| CVE-2026-28673 xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the standard plugin system allows admins to upload a ZIP file containi... | 7.2 | HIGH | β | 0 |
| CVE-2026-27980 Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache (`/_next/image`) did no... | 7.5 | HIGH | β | 0 |
| CVE-2026-27979 Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, a request containing the `next-resume: 1` header (corresponding with a PP... | 7.5 | HIGH | β | 0 |
| CVE-2026-4355 A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknown function of the file /intranet/educar_servidor_curso_lst.php of the component Endpoint. Performing a manipulation of t... | 3.5 | LOW | β | 0 |
| CVE-2026-4354 A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78 of the file apply_sec.cgi of the component Web Interface. Such manipulation of t... | 3.5 | LOW | β | 0 |
| CVE-2026-27978 Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, `origin: null` was treated as a "missing" origin during Server Action CSR... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-27977 Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in `next dev`, cross-site protection for internal websocket endpoints cou... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-27895 LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly vali... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-27894 LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF e... | 8.8 | HIGH | β | 0 |
| CVE-2026-27811 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the `/config/compare/<service>/<server_ip>/... | 8.8 | HIGH | β | 0 |
| CVE-2026-27459 pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27448 pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled ex... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-26004 Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) vulnerability in Sentry's GroupEv... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-26001 The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from rep... | 7.1 | HIGH | β | 0 |
| CVE-2026-25937 GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-3856 IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmis... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-22727 Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replac... | 7.5 | HIGH | β | 0 |
| CVE-2026-21994 Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0.... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-20643 A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-1264 IBM Sterling B2B IntegratorΒ and IBM Sterling File GatewayΒ 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view ... | 7.1 | HIGH | β | 0 |
| CVE-2025-14031 IBM Sterling B2B Integrator andΒ and IBM Sterling File GatewayΒ 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to se... | 7.5 | HIGH | β | 0 |
| CVE-2026-4349 A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulat... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-32842 Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup fil... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-32841 Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the g... | 8.1 | HIGH | β | 0 |
| CVE-2026-32840 Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the system_name_set.cgi script that allows attackers to inject arbitrary script code by manip... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-32839 Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-32838 Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept manageme... | 7.5 | HIGH | β | 0 |
| CVE-2026-1376 IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources. | 7.5 | HIGH | β | 0 |
| CVE-2026-1267 IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-14806 IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources. | 5.7 | MEDIUM | β | 0 |
| CVE-2026-2809 Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow a privileged user to trigger... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.