Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22193
Total
1583
Critical
6780
High
7106
Medium
CVE ID Severity Score Description Published
CVE-2026-12008 HIGH 8.3 Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a … Jun 11, 2026
CVE-2026-12007 HIGH 8.8 Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML … Jun 11, 2026
CVE-2026-53819 HIGH 8.8 OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with … Jun 11, 2026
CVE-2026-53818 MEDIUM 6.6 OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. … Jun 11, 2026
CVE-2026-53817 HIGH 8.8 OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable … Jun 11, 2026
CVE-2026-53816 HIGH 7.2 OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. … Jun 11, 2026
CVE-2026-53815 MEDIUM 6.5 OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not … Jun 11, 2026
CVE-2026-53814 HIGH 8.3 OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a … Jun 11, 2026
CVE-2026-53813 HIGH 7.8 OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected … Jun 11, 2026
CVE-2026-53812 HIGH 7.7 OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. … Jun 11, 2026
CVE-2026-53811 HIGH 8.8 OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name … Jun 11, 2026
CVE-2026-53810 HIGH 8.8 OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access … Jun 11, 2026
CVE-2026-53809 LOW 3.8 OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical … Jun 11, 2026
CVE-2026-53808 MEDIUM 6.5 OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite … Jun 11, 2026
CVE-2026-53807 HIGH 8.8 OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks … Jun 11, 2026
CVE-2026-53806 HIGH 8.8 OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by … Jun 11, 2026
CVE-2026-50245 HIGH 7.7 Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera … Jun 11, 2026
CVE-2026-50005 HIGH 7.7 Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds. Jun 11, 2026
CVE-2026-41005 CRITICAL 9.0 Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two … Jun 11, 2026
CVE-2026-53782 HIGH 7.4 Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript … Jun 11, 2026
CVE-2026-53781 MEDIUM 4.3 Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size … Jun 11, 2026
CVE-2026-49973 CRITICAL 9.4 Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initial setup by submitting the _set_password parameter … Jun 11, 2026
CVE-2026-49949 MEDIUM 5.3 CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to the shared … Jun 11, 2026
CVE-2026-46622 HIGH 8.1 SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in … Jun 11, 2026
CVE-2026-46489 HIGH 8.1 SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can … Jun 11, 2026