Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21901
Total
1562
Critical
6653
High
6999
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-53842 | HIGH | 7.1 | OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDK_PYTHON during Gmail setup gcloud execution. … | Jun 16, 2026 |
| CVE-2026-53841 | MEDIUM | 6.1 | OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content. Attackers can execute … | Jun 16, 2026 |
| CVE-2026-53840 | HIGH | 7.1 | OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an … | Jun 16, 2026 |
| CVE-2026-50656 | HIGH | 7.8 | Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are … | Jun 16, 2026 |
| CVE-2026-4367 | MEDIUM | 5.5 | A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a … | Jun 16, 2026 |
| CVE-2026-48775 | MEDIUM | 6.8 | LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 4.1.0 and prior, the … | Jun 16, 2026 |
| CVE-2026-47964 | HIGH | 7.8 | DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context … | Jun 16, 2026 |
| CVE-2026-47963 | MEDIUM | 5.5 | DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could … | Jun 16, 2026 |
| CVE-2026-47934 | MEDIUM | 5.5 | DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could … | Jun 16, 2026 |
| CVE-2026-47927 | MEDIUM | 5.5 | DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could … | Jun 16, 2026 |
| CVE-2026-47749 | HIGH | 7.8 | stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are … | Jun 16, 2026 |
| CVE-2026-47748 | MEDIUM | 5.5 | stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are … | Jun 16, 2026 |
| CVE-2026-10748 | UNKNOWN | — | An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user … | Jun 16, 2026 |
| CVE-2024-39575 | HIGH | 7.4 | update_disk_psu_baseline.sh requires password in plain text | Jun 16, 2026 |
| CVE-2026-53776 | CRITICAL | 9.1 | Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validate_exp = false … | Jun 16, 2026 |
| CVE-2026-44932 | HIGH | 8.8 | Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server … | Jun 16, 2026 |
| CVE-2026-42089 | HIGH | 8.6 | Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 … | Jun 16, 2026 |
| CVE-2026-39927 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Jun 16, 2026 |
| CVE-2026-39926 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Jun 16, 2026 |
| CVE-2026-24228 | HIGH | 7.8 | NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead … | Jun 16, 2026 |
| CVE-2026-24155 | HIGH | 7.8 | NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, … | Jun 16, 2026 |
| CVE-2026-12412 | UNKNOWN | — | Rejected reason: loading template... | Jun 16, 2026 |
| CVE-2026-12003 | UNKNOWN | — | To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build … | Jun 16, 2026 |
| CVE-2026-10649 | HIGH | 8.6 | A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a … | Jun 16, 2026 |
| CVE-2025-71261 | HIGH | 8.6 | An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse … | Jun 16, 2026 |