CVEs (6,905, showing first 500)
Showing 276–300 of 6,905 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-45002 | MEDIUM | Patched | 5.3 | 2026-05-11 | OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attacker… |
| CVE-2026-45003 | MEDIUM | Patched | 5.0 | 2026-05-11 | OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace … |
| CVE-2026-45004 | HIGH | Patched | 7.8 | 2026-05-11 | OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd() during provider… |
| CVE-2026-45005 | MEDIUM | Patched | 6.0 | 2026-05-11 | OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with… |
| CVE-2026-45006 | HIGH | Patched | 8.8 | 2026-05-11 | OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to… |
| CVE-2026-4890 | HIGH | | 7.5 | 2026-05-11 | A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet. |
| CVE-2026-4891 | MEDIUM | | 5.3 | 2026-05-11 | A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet. |
| CVE-2026-4892 | HIGH | | 8.4 | 2026-05-11 | A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted D… |
| CVE-2026-4893 | MEDIUM | | 5.3 | 2026-05-11 | An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information. |
| CVE-2026-5172 | HIGH | | 7.3 | 2026-05-11 | A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabli… |
| CVE-2026-5266 | NONE | Patched | — | 2026-05-11 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo. This vulnerability is associated with program files includes/Api/Ap… |
| CVE-2026-7210 | CRITICAL | Patched | 9.8 | 2026-05-11 | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding. … |
| CVE-2026-7308 | NONE | Patched | — | 2026-05-11 | An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses tha… |
| CVE-2026-8305 | HIGH | Patched | 7.3 | 2026-05-11 | A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monito… |
| CVE-2026-42864 | CRITICAL | Patched | 9.9 | 2026-05-11 | FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jira_bot endpoint (CreateJiraBotView) is reachable without authenticat… |
| CVE-2026-42866 | NONE | Patched | — | 2026-05-11 | Tookie is an advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's write_txt, write_csv, write_json, and (commented-but-shipping) scan_file helper… |
| CVE-2026-42871 | NONE | Patched | — | 2026-05-11 | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiar_docfamiliar.php displays an overly descriptive error message, including da… |
| CVE-2026-43968 | MEDIUM | Patched | 4.0 | 2026-05-11 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_s… |
| CVE-2026-43969 | LOW | Patched | 3.2 | 2026-05-11 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie nam… |
| CVE-2026-45222 | MEDIUM | Patched | 6.1 | 2026-05-11 | Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readab… |
| CVE-2026-45223 | HIGH | Patched | 8.8 | 2026-05-11 | Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject pa… |
| CVE-2026-45224 | HIGH | Patched | 7.1 | 2026-05-11 | Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths tha… |
| CVE-2026-7790 | NONE | Patched | — | 2026-05-11 | Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te a… |
| CVE-2026-8318 | MEDIUM | | 5.3 | 2026-05-11 | A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toc_transformer of… |
| CVE-2022-4988 | HIGH | | 7.3 | 2026-05-11 | Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries. Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which … |