Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21951
Total
1564
Critical
6675
High
7022
Medium
CVE ID Severity Score Description Published
CVE-2026-53830 MEDIUM 6.5 OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers … Jun 12, 2026
CVE-2026-53829 HIGH 8.0 OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with … Jun 12, 2026
CVE-2026-53828 HIGH 8.8 OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers … Jun 12, 2026
CVE-2026-53827 MEDIUM 6.5 OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback … Jun 12, 2026
CVE-2026-53826 MEDIUM 4.3 OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this … Jun 12, 2026
CVE-2026-53825 MEDIUM 6.5 OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local … Jun 12, 2026
CVE-2026-53824 MEDIUM 6.5 OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit … Jun 12, 2026
CVE-2026-53823 HIGH 8.1 OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can … Jun 12, 2026
CVE-2026-53822 HIGH 8.8 OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist … Jun 12, 2026
CVE-2026-53821 HIGH 8.8 OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can … Jun 12, 2026
CVE-2026-53820 MEDIUM 6.6 OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. … Jun 12, 2026
CVE-2026-53609 CRITICAL 9.1 ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, `apos.util.set()` traverses dot-notation paths without sanitizing `__proto__`, allowing an authenticated … Jun 12, 2026
CVE-2026-53608 HIGH 8.7 ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the `@apostrophecms/seo` package injects the Google Analytics Tracking ID (`seoGoogleTrackingId`) … Jun 12, 2026
CVE-2026-53523 MEDIUM 6.8 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 … Jun 12, 2026
CVE-2026-53522 MEDIUM 6.5 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two … Jun 12, 2026
CVE-2026-53521 MEDIUM 6.4 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/{id} accepts and persists … Jun 12, 2026
CVE-2026-53520 MEDIUM 6.5 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the … Jun 12, 2026
CVE-2026-53519 CRITICAL 9.1 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any … Jun 12, 2026
CVE-2026-49397 MEDIUM 5.3 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services (`EnableShowInService: false`) are … Jun 12, 2026
CVE-2026-49396 HIGH 7.1 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger … Jun 12, 2026
CVE-2026-48119 HIGH 7.1 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor … Jun 12, 2026
CVE-2026-47268 MEDIUM 6.4 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user … Jun 12, 2026
CVE-2026-47124 MEDIUM 6.5 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can … Jun 12, 2026
CVE-2026-47120 HIGH 7.1 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other … Jun 12, 2026
CVE-2026-46717 HIGH 7.7 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user … Jun 12, 2026