CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-27485 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/package_skill.py (a local helper script used when authors package skills) previously followed symlink... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-27486 OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without v... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27487 OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into ... | 7.6 | HIGH | — | 0 |
| CVE-2026-27488 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch() directly, so webhook targets can reach private/metadata/internal ... | 7.3 | HIGH | — | 0 |
| CVE-2026-27576 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.sen... | 4.0 | MEDIUM | — | 0 |
| CVE-2026-2870 A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in st... | 8.8 | HIGH | — | 0 |
| CVE-2026-2871 A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overf... | 8.8 | HIGH | — | 0 |
| CVE-2026-2872 A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration E... | 8.8 | HIGH | — | 0 |
| CVE-2026-2873 A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime... | 8.8 | HIGH | — | 0 |
| CVE-2026-2874 A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. Executing a manipulation of the argument ssid can lead to sta... | 8.8 | HIGH | — | 0 |
| CVE-2026-2876 A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-base... | 8.8 | HIGH | — | 0 |
| CVE-2026-2877 A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_crypt... | 8.8 | HIGH | — | 0 |
| CVE-2026-2881 A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_425FF8 of the file /boafrm/formFirewallAdv of the component Advanced Firewall Configuration Endpo... | 8.8 | HIGH | — | 0 |
| CVE-2026-2882 A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-b... | 8.8 | HIGH | — | 0 |
| CVE-2026-2883 A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-base... | 8.8 | HIGH | — | 0 |
| CVE-2026-2884 A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The ma... | 8.8 | HIGH | — | 0 |
| CVE-2026-2885 A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results i... | 8.8 | HIGH | — | 0 |
| CVE-2026-2886 A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer... | 8.8 | HIGH | — | 0 |
| CVE-2026-2887 A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontroll... | 3.3 | LOW | — | 0 |
| CVE-2026-2889 A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only ... | 3.3 | LOW | — | 0 |
| CVE-2026-2894 A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to informa... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2903 A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can... | 3.3 | LOW | — | 0 |
| CVE-2026-2904 A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack ca... | 8.8 | HIGH | — | 0 |
| CVE-2026-2905 A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the arg... | 8.8 | HIGH | — | 0 |
| CVE-2026-2906 A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argume... | 8.8 | HIGH | — | 0 |
| CVE-2026-2907 A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This m... | 8.8 | HIGH | — | 0 |
| CVE-2026-2908 A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configurat... | 8.8 | HIGH | — | 0 |
| CVE-2026-2909 A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pin... | 8.8 | HIGH | — | 0 |
| CVE-2026-2910 A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer o... | 8.8 | HIGH | — | 0 |
| CVE-2026-2911 A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to ... | 8.8 | HIGH | — | 0 |
| CVE-2026-2912 A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation ... | 7.3 | HIGH | — | 0 |
| CVE-2026-2913 A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer... | 2.5 | LOW | — | 0 |
| CVE-2026-2925 A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Perfo... | 8.8 | HIGH | — | 0 |
| CVE-2019-25366 microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. Attacke... | 8.2 | HIGH | — | 0 |
| CVE-2026-2932 A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Perfor... | 2.4 | LOW | — | 0 |
| CVE-2026-2933 A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulation... | 2.4 | LOW | — | 0 |
| CVE-2026-2385 The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all ve... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2934 A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. The m... | 2.4 | LOW | — | 0 |
| CVE-2026-2935 A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lea... | 7.2 | HIGH | — | 0 |
| CVE-2026-2938 A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation... | 7.3 | HIGH | — | 0 |
| CVE-2026-1241 The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, a... | N/A | NONE | — | 0 |
| CVE-2019-25450 Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can i... | 7.5 | HIGH | — | 0 |
| CVE-2019-25452 Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attacke... | 7.5 | HIGH | — | 0 |
| CVE-2026-2947 A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component Us... | 3.5 | LOW | — | 0 |
| CVE-2026-2952 A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxarg... | 7.3 | HIGH | — | 0 |
| CVE-2026-2953 A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-25455 Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send ... | 7.5 | HIGH | — | 0 |
| CVE-2019-25456 Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can sen... | 9.1 | CRITICAL | — | 0 |
| CVE-2019-25457 Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can s... | 7.5 | HIGH | — | 0 |
| CVE-2019-25458 Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.