Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12604 | Critical: 849 | High: 3630 | Medium: 3947
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34210 | UNKNOWN | — | mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when … | Mar 31, 2026 |
| CVE-2026-34209 | HIGH | 7.5 | mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "<" … | Mar 31, 2026 |
| CVE-2026-34202 | UNKNOWN | — | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic … | Mar 31, 2026 |
| CVE-2026-34200 | UNKNOWN | — | Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, the Nhost CLI MCP server, when explicitly configured to listen on a … | Mar 31, 2026 |
| CVE-2026-34172 | UNKNOWN | — | Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chat(message) passes its string argument directly as … | Mar 31, 2026 |
| CVE-2026-34165 | MEDIUM | 5.0 | go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which … | Mar 31, 2026 |
| CVE-2026-34163 | HIGH | 7.7 | FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) tools endpoints (/api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool) accept a user-supplied URL … | Mar 31, 2026 |
| CVE-2026-34162 | CRITICAL | 10.0 | FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint … | Mar 31, 2026 |
| CVE-2026-33762 | LOW | 2.8 | go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate … | Mar 31, 2026 |
| CVE-2026-33581 | MEDIUM | 6.5 | OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl … | Mar 31, 2026 |
| CVE-2026-33580 | MEDIUM | 6.5 | OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who … | Mar 31, 2026 |
| CVE-2026-33579 | HIGH | 8.1 | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. … | Mar 31, 2026 |
| CVE-2026-33578 | MEDIUM | 4.3 | OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open … | Mar 31, 2026 |
| CVE-2026-33577 | HIGH | 8.1 | OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. … | Mar 31, 2026 |
| CVE-2026-33576 | MEDIUM | 6.5 | OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to … | Mar 31, 2026 |
| CVE-2026-33276 | UNKNOWN | — | Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in … | Mar 31, 2026 |
| CVE-2026-30314 | UNKNOWN | — | Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile … | Mar 31, 2026 |
| CVE-2026-30312 | UNKNOWN | — | DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing … | Mar 31, 2026 |
| CVE-2026-30311 | UNKNOWN | — | Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile … | Mar 31, 2026 |
| CVE-2026-30309 | HIGH | 7.8 | InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native … | Mar 31, 2026 |
| CVE-2026-29870 | HIGH | 7.6 | A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpoint_dir parameter in OfflineACE.run. The save_to_file method … | Mar 31, 2026 |
| CVE-2026-20915 | UNKNOWN | — | Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into … | Mar 31, 2026 |
| CVE-2026-0596 | CRITICAL | 9.6 | A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash … | Mar 31, 2026 |
| CVE-2026-3308 | UNKNOWN | — | An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow … | Mar 31, 2026 |
| CVE-2026-34156 | CRITICAL | 9.9 | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside … | Mar 31, 2026 |