Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692; Critical: 727; High: 3080; Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-43581 | CRITICAL | 9.6 | OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access … | May 06, 2026 |
| CVE-2026-43580 | HIGH | 7.7 | OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interactions, including … | May 06, 2026 |
| CVE-2026-43579 | MEDIUM | 6.5 | OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration … | May 06, 2026 |
| CVE-2026-43578 | CRITICAL | 9.1 | OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit … | May 06, 2026 |
| CVE-2026-43577 | MEDIUM | 6.5 | OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP … | May 06, 2026 |
| CVE-2026-43576 | HIGH | 7.7 | OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The … | May 06, 2026 |
| CVE-2026-43575 | CRITICAL | 9.8 | OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access … | May 06, 2026 |
| CVE-2026-40326 | UNKNOWN | — | Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the createBundle method in `csettings.cfc` does not properly validate … | May 06, 2026 |
| CVE-2026-40325 | UNKNOWN | — | Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the `cTrash.restore` function does not properly validate anti-CSRF tokens … | May 06, 2026 |
| CVE-2026-40309 | UNKNOWN | — | Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for … | May 06, 2026 |
| CVE-2026-40174 | UNKNOWN | — | Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens … | May 06, 2026 |
| CVE-2026-40171 | UNKNOWN | — | In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored … | May 06, 2026 |
| CVE-2026-40076 | UNKNOWN | — | OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint … | May 06, 2026 |
| CVE-2026-33441 | UNKNOWN | — | Rejected reason: This CVE is a duplicate of another CVE: CVE-2026-33079. | May 06, 2026 |
| CVE-2026-8031 | MEDIUM | 5.3 | A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component … | May 06, 2026 |
| CVE-2026-8022 | LOW | 3.1 | Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to … | May 06, 2026 |
| CVE-2026-8021 | MEDIUM | 4.2 | Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to … | May 06, 2026 |
| CVE-2026-8020 | MEDIUM | 5.3 | Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially … | May 06, 2026 |
| CVE-2026-8019 | MEDIUM | 5.4 | Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium … | May 06, 2026 |
| CVE-2026-8018 | HIGH | 8.1 | Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. … | May 06, 2026 |
| CVE-2026-8017 | LOW | 3.1 | Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium … | May 06, 2026 |
| CVE-2026-8016 | HIGH | 8.8 | Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | May 06, 2026 |
| CVE-2026-8015 | MEDIUM | 5.4 | Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security … | May 06, 2026 |
| CVE-2026-8014 | MEDIUM | 4.3 | Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security … | May 06, 2026 |
| CVE-2026-8013 | MEDIUM | 4.3 | Insufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML … | May 06, 2026 |