CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-71260 BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to ... | 8.8 | HIGH | — | 0 |
| CVE-2026-22557 A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to a... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-22558 An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges. | 7.7 | HIGH | — | 0 |
| CVE-2026-27043 Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal.This issue affects Photography: from n/a through 7.7.5. | 7.2 | HIGH | — | 0 |
| CVE-2026-2369 A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially acce... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-30402 An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23658 Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | 8.6 | HIGH | — | 0 |
| CVE-2026-23659 Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network. | 8.6 | HIGH | — | 0 |
| CVE-2026-24299 Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-26136 Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26138 Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. | 8.6 | HIGH | — | 0 |
| CVE-2026-26139 Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. | 8.6 | HIGH | — | 0 |
| CVE-2026-27166 Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to tr... | 4.1 | MEDIUM | — | 0 |
| CVE-2026-26137 Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network. | 9.9 | CRITICAL | — | 0 |
| CVE-2026-3579 wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operan... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-3580 In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-c... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-30924 qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials:... | N/A | NONE | — | 0 |
| CVE-2026-32191 Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-32622 SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permissi... | 8.8 | HIGH | — | 0 |
| CVE-2026-30871 OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-30873 OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expr... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-32004 OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/channels route classification due to canonicalization depth mismatch between auth-path classification and... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-32005 OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including block_action, view_submission, and view_closed in shared workspace deployments. Una... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-32006 OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and gro... | 3.1 | LOW | — | 0 |
| CVE-2026-32007 OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental apply_patch tool that allows attackers with sandbox access to modify files outside the workspace directo... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-32010 OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --co... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-32023 OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in system.run allowlist mode where nested transparent dispatch wrappers can suppress shell-wrapper detection. Attac... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-32024 OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attack... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32038 OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.netw... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-32029 OpenClaw versions prior to 2026.2.21 improperly parse the left-most X-Forwarded-For header value when requests originate from configured trusted proxies, allowing attackers to spoof client IP addresse... | 3.7 | LOW | — | 0 |
| CVE-2026-32035 OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-32036 OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with e... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-32037 OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attac... | 6.0 | MEDIUM | — | 0 |
| CVE-2026-33355 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the `/private-posts` endpoint did not apply post-type visibility filtering, allowing regul... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-33410 Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message API. First, when creating a direct... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-4159 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeE... | N/A | NONE | — | 0 |
| CVE-2026-32829 lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized mem... | N/A | NONE | — | 0 |
| CVE-2026-32763 Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The `visitJSONPathLeg... | 8.2 | HIGH | — | 0 |
| CVE-2026-32766 astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping ... | N/A | NONE | — | 0 |
| CVE-2026-32711 pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set... | 7.8 | HIGH | — | 0 |
| CVE-2026-32808 pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encry... | 8.1 | HIGH | — | 0 |
| CVE-2026-32811 Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decision API mode with versions 0.7.0-alpha through 0.17.10, wrong encoding of th... | 8.2 | HIGH | — | 0 |
| CVE-2026-32881 ewe is a Gleam web server. ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chunked transfer encoding trailer handling me... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-30889 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts th... | N/A | NONE | — | 0 |
| CVE-2026-30891 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization chec... | N/A | NONE | — | 0 |
| CVE-2026-31805 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-31869 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerController#mentions endpoint reveals hidden group membership to any authentica... | N/A | NONE | — | 0 |
| CVE-2026-32888 Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attr... | 8.8 | HIGH | — | 0 |
| CVE-2026-32889 tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 S... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-32890 Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting (XSS) vulnera... | 9.6 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.