Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21951
Total
1564
Critical
6675
High
7022
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-53830 | MEDIUM | 6.5 | OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers … | Jun 12, 2026 |
| CVE-2026-53829 | HIGH | 8.0 | OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with … | Jun 12, 2026 |
| CVE-2026-53828 | HIGH | 8.8 | OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers … | Jun 12, 2026 |
| CVE-2026-53827 | MEDIUM | 6.5 | OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback … | Jun 12, 2026 |
| CVE-2026-53826 | MEDIUM | 4.3 | OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this … | Jun 12, 2026 |
| CVE-2026-53825 | MEDIUM | 6.5 | OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local … | Jun 12, 2026 |
| CVE-2026-53824 | MEDIUM | 6.5 | OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit … | Jun 12, 2026 |
| CVE-2026-53823 | HIGH | 8.1 | OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can … | Jun 12, 2026 |
| CVE-2026-53822 | HIGH | 8.8 | OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist … | Jun 12, 2026 |
| CVE-2026-53821 | HIGH | 8.8 | OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can … | Jun 12, 2026 |
| CVE-2026-53820 | MEDIUM | 6.6 | OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. … | Jun 12, 2026 |
| CVE-2026-53609 | CRITICAL | 9.1 | ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, `apos.util.set()` traverses dot-notation paths without sanitizing `__proto__`, allowing an authenticated … | Jun 12, 2026 |
| CVE-2026-53608 | HIGH | 8.7 | ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the `@apostrophecms/seo` package injects the Google Analytics Tracking ID (`seoGoogleTrackingId`) … | Jun 12, 2026 |
| CVE-2026-53523 | MEDIUM | 6.8 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 … | Jun 12, 2026 |
| CVE-2026-53522 | MEDIUM | 6.5 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two … | Jun 12, 2026 |
| CVE-2026-53521 | MEDIUM | 6.4 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/{id} accepts and persists … | Jun 12, 2026 |
| CVE-2026-53520 | MEDIUM | 6.5 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the … | Jun 12, 2026 |
| CVE-2026-53519 | CRITICAL | 9.1 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any … | Jun 12, 2026 |
| CVE-2026-49397 | MEDIUM | 5.3 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services (`EnableShowInService: false`) are … | Jun 12, 2026 |
| CVE-2026-49396 | HIGH | 7.1 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger … | Jun 12, 2026 |
| CVE-2026-48119 | HIGH | 7.1 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor … | Jun 12, 2026 |
| CVE-2026-47268 | MEDIUM | 6.4 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user … | Jun 12, 2026 |
| CVE-2026-47124 | MEDIUM | 6.5 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can … | Jun 12, 2026 |
| CVE-2026-47120 | HIGH | 7.1 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other … | Jun 12, 2026 |
| CVE-2026-46717 | HIGH | 7.7 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user … | Jun 12, 2026 |