Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11202
Total
755
Critical
3234
High
3640
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35626 | MEDIUM | 5.3 | OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send … | Apr 09, 2026 |
| CVE-2026-35625 | HIGH | 7.8 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers … | Apr 09, 2026 |
| CVE-2026-35624 | MEDIUM | 4.2 | OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly … | Apr 09, 2026 |
| CVE-2026-35623 | MEDIUM | 4.8 | OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can … | Apr 09, 2026 |
| CVE-2026-35622 | MEDIUM | 5.9 | OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can … | Apr 09, 2026 |
| CVE-2026-35618 | MEDIUM | 6.5 | OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The … | Apr 09, 2026 |
| CVE-2026-35617 | MEDIUM | 4.2 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group … | Apr 09, 2026 |
| CVE-2026-34512 | HIGH | 8.1 | OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions … | Apr 09, 2026 |
| CVE-2026-33797 | HIGH | 7.4 | An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet … | Apr 09, 2026 |
| CVE-2026-33793 | HIGH | 7.8 | An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker … | Apr 09, 2026 |
| CVE-2026-33791 | MEDIUM | 6.7 | An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, … | Apr 09, 2026 |
| CVE-2026-33790 | HIGH | 7.5 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker … | Apr 09, 2026 |
| CVE-2026-33788 | HIGH | 7.8 | A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, … | Apr 09, 2026 |
| CVE-2026-33787 | MEDIUM | 5.5 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and … | Apr 09, 2026 |
| CVE-2026-33786 | MEDIUM | 5.5 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 … | Apr 09, 2026 |
| CVE-2026-33785 | HIGH | 8.8 | A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute … | Apr 09, 2026 |
| CVE-2026-33784 | CRITICAL | 9.8 | A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full … | Apr 09, 2026 |
| CVE-2026-33783 | MEDIUM | 6.5 | A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated … | Apr 09, 2026 |
| CVE-2026-33782 | MEDIUM | 6.5 | A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, … | Apr 09, 2026 |
| CVE-2026-33781 | MEDIUM | 6.5 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX … | Apr 09, 2026 |
| CVE-2026-33780 | MEDIUM | 6.5 | A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS … | Apr 09, 2026 |
| CVE-2026-33779 | MEDIUM | 6.5 | An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept … | Apr 09, 2026 |
| CVE-2026-33778 | HIGH | 7.5 | An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX … | Apr 09, 2026 |
| CVE-2026-33776 | MEDIUM | 5.5 | A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read … | Apr 09, 2026 |
| CVE-2026-33775 | MEDIUM | 6.5 | A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series … | Apr 09, 2026 |