Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11037
Critical: 752
High: 3191
Medium: 3530
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35650 | HIGH | 7.5 | OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers … | Apr 10, 2026 |
| CVE-2026-35649 | MEDIUM | 6.5 | OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit … | Apr 10, 2026 |
| CVE-2026-35648 | LOW | 3.7 | OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale … | Apr 10, 2026 |
| CVE-2026-35647 | MEDIUM | 5.3 | OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices … | Apr 10, 2026 |
| CVE-2026-35643 | HIGH | 8.8 | OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious … | Apr 10, 2026 |
| CVE-2026-35641 | HIGH | 7.8 | OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a … | Apr 10, 2026 |
| CVE-2026-35621 | MEDIUM | 6.5 | OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to … | Apr 10, 2026 |
| CVE-2026-35620 | MEDIUM | 5.4 | OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only … | Apr 10, 2026 |
| CVE-2026-35619 | MEDIUM | 4.3 | OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals … | Apr 10, 2026 |
| CVE-2026-35602 | MEDIUM | 5.4 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata … | Apr 10, 2026 |
| CVE-2026-35601 | MEDIUM | 4.1 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying … | Apr 10, 2026 |
| CVE-2026-35600 | MEDIUM | 5.4 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdown link syntax in overdue email notifications without … | Apr 10, 2026 |
| CVE-2026-35599 | MEDIUM | 6.5 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an O(n) loop that advances a date by the task's … | Apr 10, 2026 |
| CVE-2026-35598 | MEDIUM | 4.3 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without … | Apr 10, 2026 |
| CVE-2026-35597 | MEDIUM | 5.9 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. … | Apr 10, 2026 |
| CVE-2026-35596 | MEDIUM | 4.3 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel function contains a SQL operator precedence bug that allows any authenticated user … | Apr 10, 2026 |
| CVE-2026-35595 | HIGH | 8.3 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/project_permissions.go:139-148 only requires CanWrite on the new parent project when … | Apr 10, 2026 |
| CVE-2026-22560 | UNKNOWN | — | An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint. | Apr 10, 2026 |
| CVE-2026-40228 | LOW | 2.9 | In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes … | Apr 10, 2026 |
| CVE-2026-40227 | MEDIUM | 6.2 | In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has … | Apr 10, 2026 |
| CVE-2026-40226 | MEDIUM | 6.4 | In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. | Apr 10, 2026 |
| CVE-2026-40225 | MEDIUM | 6.4 | In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. | Apr 10, 2026 |
| CVE-2026-40224 | MEDIUM | 6.7 | In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace. | Apr 10, 2026 |
| CVE-2026-40223 | MEDIUM | 4.7 | In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running. | Apr 10, 2026 |
| CVE-2026-40023 | UNKNOWN | — | Apache Log4cxx's XMLLayout (https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html), in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets) in log messages, NDC, and … | Apr 10, 2026 |