Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21987
Total
1565
Critical
6684
High
7043
Medium
CVE ID Severity Score Description Published
CVE-2026-53815 MEDIUM 6.5 OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not … Jun 11, 2026
CVE-2026-53814 HIGH 8.3 OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a … Jun 11, 2026
CVE-2026-53813 HIGH 7.8 OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected … Jun 11, 2026
CVE-2026-53812 HIGH 7.7 OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. … Jun 11, 2026
CVE-2026-53811 HIGH 8.8 OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name … Jun 11, 2026
CVE-2026-53810 HIGH 8.8 OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access … Jun 11, 2026
CVE-2026-53809 LOW 3.8 OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical … Jun 11, 2026
CVE-2026-53808 MEDIUM 6.5 OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite … Jun 11, 2026
CVE-2026-53807 HIGH 8.8 OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks … Jun 11, 2026
CVE-2026-53806 HIGH 8.8 OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by … Jun 11, 2026
CVE-2026-50245 HIGH 7.7 Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera … Jun 11, 2026
CVE-2026-50005 HIGH 7.7 Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds. Jun 11, 2026
CVE-2026-41005 CRITICAL 9.0 Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two … Jun 11, 2026
CVE-2026-53782 HIGH 7.4 Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript … Jun 11, 2026
CVE-2026-53781 MEDIUM 4.3 Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size … Jun 11, 2026
CVE-2026-49973 CRITICAL 9.4 Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initial setup by submitting the _set_password parameter … Jun 11, 2026
CVE-2026-49949 MEDIUM 5.3 CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to the shared … Jun 11, 2026
CVE-2026-46622 HIGH 8.1 SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in … Jun 11, 2026
CVE-2026-46489 HIGH 8.1 SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can … Jun 11, 2026
CVE-2026-45802 UNKNOWN FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version … Jun 11, 2026
CVE-2026-45175 UNKNOWN Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in … Jun 11, 2026
CVE-2026-12038 UNKNOWN Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … Jun 11, 2026
CVE-2026-53702 MEDIUM 6.5 A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, the parser uses … Jun 11, 2026
CVE-2026-53701 MEDIUM 6.5 An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile processing of gst_h266_parser_parse_picture_partition() (gsth266parser.c), the loop iterates … Jun 11, 2026
CVE-2026-52860 UNKNOWN Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current … Jun 11, 2026