CVEs (6,905, showing first 500)
Showing 251–275 of 6,905 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-42860 | HIGH | Patched | 8.5 | 2026-05-11 | The Open edX Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet f… |
| CVE-2026-42865 | MEDIUM | Patched | 4.3 | 2026-05-11 | Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread e… |
| CVE-2026-43638 | MEDIUM | Patched | 5.4 | 2026-05-11 | Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via `P… |
| CVE-2026-43639 | HIGH | Patched | 8.0 | 2026-05-11 | Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider vi… |
| CVE-2026-43640 | HIGH | Patched | 8.1 | 2026-05-11 | Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated… |
| CVE-2026-43894 | MEDIUM | Patched | 6.2 | 2026-05-11 | jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows du… |
| CVE-2026-43895 | MEDIUM | Patched | 4.4 | 2026-05-11 | jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C … |
| CVE-2026-43896 | MEDIUM | Patched | 6.2 | 2026-05-11 | jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfau… |
| CVE-2026-43995 | CRITICAL | Patched | 9.8 | 2026-05-11 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP c… |
| CVE-2026-44226 | MEDIUM | Patched | 5.3 | 2026-05-11 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled … |
| CVE-2026-44413 | HIGH | Patched | 8.2 | 2026-05-11 | In JetBrains TeamCity before 2026.1, 2025.11.5 authenticated users could expose server API to unauthorised access |
| CVE-2026-44658 | LOW | Patched | 2.4 | 2026-05-11 | Zen is a Firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed ar… |
| CVE-2026-44659 | MEDIUM | Patched | 4.7 | 2026-05-11 | Zen is a Firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of … |
| CVE-2026-44777 | MEDIUM | Patched | 5.5 | 2026-05-11 | jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other. |
| CVE-2026-44991 | MEDIUM | Patched | 4.2 | 2026-05-11 | OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wild… |
| CVE-2026-44992 | MEDIUM | Patched | 5.0 | 2026-05-11 | OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX_API_HOST. Attackers can re… |
| CVE-2026-44993 | MEDIUM | Patched | 5.4 | 2026-05-11 | OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attacke… |
| CVE-2026-44994 | MEDIUM | Patched | 5.3 | 2026-05-11 | OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitiv… |
| CVE-2026-44995 | HIGH | Patched | 7.3 | 2026-05-11 | OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary co… |
| CVE-2026-44996 | LOW | Patched | 3.7 | 2026-05-11 | OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks.… |
| CVE-2026-44997 | MEDIUM | Patched | 4.3 | 2026-05-11 | OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth,… |
| CVE-2026-44998 | MEDIUM | Patched | 5.4 | 2026-05-11 | OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local ag… |
| CVE-2026-44999 | MEDIUM | Patched | 5.3 | 2026-05-11 | OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as tru… |
| CVE-2026-45000 | MEDIUM | Patched | 5.0 | 2026-05-11 | OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can crea… |
| CVE-2026-45001 | HIGH | Patched | 7.1 | 2026-05-11 | OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted s… |