Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21951
Total
1564
Critical
6675
High
7022
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-54231 | MEDIUM | 5.5 | A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries … | Jun 13, 2026 |
| CVE-2026-54230 | HIGH | 7.0 | A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the … | Jun 13, 2026 |
| CVE-2026-54229 | HIGH | 7.0 | A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY and calls dd_chown to change ownership … | Jun 13, 2026 |
| CVE-2026-54228 | HIGH | 7.8 | A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local … | Jun 13, 2026 |
| CVE-2026-12089 | MEDIUM | 4.9 | The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, … | Jun 13, 2026 |
| CVE-2026-11443 | MEDIUM | 4.6 | Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to execute arbitrary script on affected installations of Allegra. User interaction is required … | Jun 13, 2026 |
| CVE-2026-11442 | MEDIUM | 6.5 | Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to … | Jun 13, 2026 |
| CVE-2026-6676 | HIGH | 7.8 | Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of … | Jun 12, 2026 |
| CVE-2026-12068 | HIGH | 7.4 | Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled … | Jun 12, 2026 |
| CVE-2025-9033 | HIGH | 7.8 | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the … | Jun 12, 2026 |
| CVE-2025-9032 | HIGH | 7.8 | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of … | Jun 12, 2026 |
| CVE-2025-14098 | HIGH | 7.8 | Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of … | Jun 12, 2026 |
| CVE-2026-54398 | UNKNOWN | — | An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within … | Jun 12, 2026 |
| CVE-2026-54095 | UNKNOWN | — | Rejected reason: CVE ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate is a duplicate of CVE-2025-53826. Notes: All CVE … | Jun 12, 2026 |
| CVE-2026-53868 | HIGH | 7.5 | Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock … | Jun 12, 2026 |
| CVE-2026-53867 | MEDIUM | 4.3 | Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files … | Jun 12, 2026 |
| CVE-2026-53839 | MEDIUM | 6.5 | OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this … | Jun 12, 2026 |
| CVE-2026-53838 | CRITICAL | 9.8 | OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection … | Jun 12, 2026 |
| CVE-2026-53837 | LOW | 3.7 | OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM … | Jun 12, 2026 |
| CVE-2026-53836 | HIGH | 8.8 | OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized … | Jun 12, 2026 |
| CVE-2026-53835 | MEDIUM | 4.3 | OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured … | Jun 12, 2026 |
| CVE-2026-53834 | HIGH | 7.5 | OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke … | Jun 12, 2026 |
| CVE-2026-53833 | HIGH | 7.7 | OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers … | Jun 12, 2026 |
| CVE-2026-53832 | HIGH | 7.7 | OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway … | Jun 12, 2026 |
| CVE-2026-53831 | HIGH | 8.3 | OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated … | Jun 12, 2026 |