Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21951
Total
1564
Critical
6675
High
7022
Medium
CVE ID Severity Score Description Published
CVE-2026-54231 MEDIUM 5.5 A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries … Jun 13, 2026
CVE-2026-54230 HIGH 7.0 A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the … Jun 13, 2026
CVE-2026-54229 HIGH 7.0 A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY and calls dd_chown to change ownership … Jun 13, 2026
CVE-2026-54228 HIGH 7.8 A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local … Jun 13, 2026
CVE-2026-12089 MEDIUM 4.9 The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, … Jun 13, 2026
CVE-2026-11443 MEDIUM 4.6 Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to execute arbitrary script on affected installations of Allegra. User interaction is required … Jun 13, 2026
CVE-2026-11442 MEDIUM 6.5 Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to … Jun 13, 2026
CVE-2026-6676 HIGH 7.8 Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of … Jun 12, 2026
CVE-2026-12068 HIGH 7.4 Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled … Jun 12, 2026
CVE-2025-9033 HIGH 7.8 Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the … Jun 12, 2026
CVE-2025-9032 HIGH 7.8 Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of … Jun 12, 2026
CVE-2025-14098 HIGH 7.8 Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of … Jun 12, 2026
CVE-2026-54398 UNKNOWN An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within … Jun 12, 2026
CVE-2026-54095 UNKNOWN Rejected reason: CVE ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate is a duplicate of CVE-2025-53826. Notes: All CVE … Jun 12, 2026
CVE-2026-53868 HIGH 7.5 Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock … Jun 12, 2026
CVE-2026-53867 MEDIUM 4.3 Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files … Jun 12, 2026
CVE-2026-53839 MEDIUM 6.5 OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this … Jun 12, 2026
CVE-2026-53838 CRITICAL 9.8 OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection … Jun 12, 2026
CVE-2026-53837 LOW 3.7 OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM … Jun 12, 2026
CVE-2026-53836 HIGH 8.8 OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized … Jun 12, 2026
CVE-2026-53835 MEDIUM 4.3 OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured … Jun 12, 2026
CVE-2026-53834 HIGH 7.5 OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke … Jun 12, 2026
CVE-2026-53833 HIGH 7.7 OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers … Jun 12, 2026
CVE-2026-53832 HIGH 7.7 OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway … Jun 12, 2026
CVE-2026-53831 HIGH 8.3 OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated … Jun 12, 2026