CVE Field Guide

Critical CVEs

CVE	Title	Updated	Score
CVE-2026-34458	Sandboxie-Plus privilege escalation via INI CRLF injection bypassing EditAdminOnly	05.05.2026	9.3
CVE-2026-40329	SQL Injection vulnerability via sortBy in beanFeed	05.05.2026	9.3
CVE-2026-40330	Masa CMS SQL injection via sortDirection parameter in beanFeed	05.05.2026	9.3
CVE-2026-40331	Masa CMS unauthenticated SQL injection via altTable parameter in JSON API	05.05.2026	9.3
CVE-2026-33324	SQLBot prompt injection allows arbitrary SQL execution and remote code execution	05.05.2026	9.4
CVE-2026-34084	PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load	05.05.2026	9.2
CVE-2026-27960	OpenCTI privilege escalation and unauthenticated access via default admin account	05.05.2026	9.8
CVE-2026-7854	D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow	05.05.2026	9.3
CVE-2026-7853	D-Link DI-8100 HTTP auto_reboot.asp sprintf buffer overflow	05.05.2026	9.3
CVE-2026-7411		05.05.2026	10
CVE-2026-7834	EFM ipTIME NAS1dual misc_main.cgi get_csrf_whites stack-based overflow	05.05.2026	9.3
CVE-2023-54342	Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution	05.05.2026	9.3
CVE-2023-54344	Eclipse Equinox OSGi 3.7.2 Remote Code Execution via Console	05.05.2026	9.3
CVE-2026-43534	OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events	05.05.2026	9.3
CVE-2026-43566	OpenClaw 2026.4.7 < 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events	05.05.2026	9.1
CVE-2026-40797	WordPress WebinarIgnition plugin <= 4.08.253 - SQL Injection vulnerability	05.05.2026	9.3
CVE-2026-7823	Totolink A8000RU cstecgi.cgi setAppFilterCfg os command injection	05.05.2026	9.3
CVE-2026-5294	GeekyBot <= 1.2.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation via 'geekybot_frontendajax' AJAX Action	05.05.2026	9.8
CVE-2025-13618	Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration	05.05.2026	9.8
CVE-2026-5722	MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse	05.05.2026	9.8
CVE-2026-42238	Unauthenticated Remote Code Execution via Backup Restore in nginx-ui	05.05.2026	9
CVE-2026-41922	WDR201A WiFi Extender OS Command Injection via wireless.cgi	04.05.2026	9.3
CVE-2026-41923	WDR201A WiFi Extender OS Command Injection via internet.cgi	05.05.2026	9.3
CVE-2026-41924	WDR201A WiFi Extender OS Command Injection via makeRequest.cgi	04.05.2026	9.3
CVE-2026-41925	WDR201A WiFi Extender OS Command Injection via adm.cgi (reboot_time)	04.05.2026	9.3
CVE-2026-41926	WDR201A WiFi Extender OS Command Injection via firewall.cgi	04.05.2026	9.3
CVE-2026-42231	n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE	05.05.2026	9.4
CVE-2026-42232	n8n: XML Node Prototype Pollution to RCE	05.05.2026	9.4
CVE-2026-41571	Note Mark: OIDC-registered users authenticated by submitting password "null"	04.05.2026	9.4
CVE-2026-42087	OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base	05.05.2026	9.6
CVE-2026-42088	OpenC3 COSMOS: Administrative Actions via the Script Runner Tool	04.05.2026	9.6
CVE-2026-42796	Arelle < 2.39.10 Unauthenticated RCE via /rest/configure	04.05.2026	9.2
CVE-2026-24118	VM2 Sandbox Breakout Through __lookupGetter__	04.05.2026	9.8
CVE-2026-24120	vm2: Sandbox Breakout Through Promise Species	05.05.2026	9.8
CVE-2026-24781	vm2: Sandbox Breakout Through Inspect	04.05.2026	9.8
CVE-2026-25293	Incorrect authorization in PLC FW	05.05.2026	9.6
CVE-2026-26332	vm2: Sandbox Escape	04.05.2026	9.8
CVE-2026-26956	vm2: WASM Sandbox Escape (Node 25 only)	05.05.2026	9.8
CVE-2026-42076	Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution	05.05.2026	9.8
CVE-2026-42090	Notesnook: RCE via stored XSS in note export rendering	05.05.2026	9.6
CVE-2026-42810	Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names	04.05.2026	9.4
CVE-2026-42811	Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions	04.05.2026	9.4
CVE-2026-42373	D-Link DIR-605L B2 Hardcoded Telnet Backdoor Credentials	05.05.2026	9.8
CVE-2026-42374	D-Link DIR-600L B1 Hardcoded Telnet Backdoor Credentials	05.05.2026	9.8
CVE-2026-42375	D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials	05.05.2026	9.8
CVE-2026-42376	D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials	04.05.2026	9.8
CVE-2026-42809	Apache Polaris: staged table creation could vend storage credentials for unvalidated locations	04.05.2026	9.4
CVE-2026-42812	Apache Polaris: No protection on `write.metadata.path`	04.05.2026	9.4
CVE-2025-13605	Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway	04.05.2026	9.3
CVE-2025-14320	XSS in Tegsoft's Online Support Application	04.05.2026	9.8
CVE-2026-7747	Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow	04.05.2026	9.3
CVE-2026-29200		04.05.2026	9.9
CVE-2026-7719	Totolink WA300 POST Request cstecgi.cgi loginauth buffer overflow	05.05.2026	9.3
CVE-2026-42364	GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability	05.05.2026	9.9
CVE-2026-42368	GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability	05.05.2026	9.9
CVE-2026-42369	GeoVision GV-VMS V20 WebCam Server stack overflow vulnerability	05.05.2026	10
CVE-2026-42370	GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability	05.05.2026	9
CVE-2026-7161	GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability	05.05.2026	9.3
CVE-2026-7372	GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability	05.05.2026	9
CVE-2026-4882	User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload	04.05.2026	9.8
CVE-2026-7458	User Verification by PickPlugins <= 2.0.46 - Unauthenticated Authentication Bypass via OTP Verification REST API Endpoint	04.05.2026	9.8
CVE-2026-37539		01.05.2026	9.8
CVE-2026-37541		01.05.2026	10
CVE-2026-37531		01.05.2026	9.8
CVE-2026-43011	net/x25: Fix potential double free of skb	03.05.2026	9.8
CVE-2026-43037	ip6_tunnel: clear skb2->cb[] in ip4ip6_err()	03.05.2026	9.8
CVE-2026-43038	ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()	03.05.2026	9.8
CVE-2026-43039	net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch	03.05.2026	9.8
CVE-2026-31705	ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment	03.05.2026	9.8
CVE-2026-31718	ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger	03.05.2026	9.8
CVE-2026-42778	Apache MINA: CWE-502 Deserialization of Untrusted Data (take 2)	02.05.2026	9.8
CVE-2026-42779	Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2)	02.05.2026	9.8
CVE-2026-7567	Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover	01.05.2026	9.8
CVE-2026-42996		01.05.2026	10
CVE-2026-7546	Totolink NR1800X lighttpd find_host_ip stack-based overflow	01.05.2026	9.3
CVE-2026-7538	Totolink A8000RU CGI cstecgi.cgi vulnerability os command injection	01.05.2026	9.3
CVE-2022-50993	Weaver E-office < 10.0_20221201 Unauthenticated Arbitrary File Read via XmlRpcServlet	30.04.2026	9.3
CVE-2025-71284	Synway SMG Gateway Management Software OS Command Injection via radius_address	30.04.2026	9.3
CVE-2026-4670	Improper Authentication vulnerability in Progress MOVEit Automation	01.05.2026	9.8
CVE-2018-25316	Tenda W308R v2 V5.07.48 Cookie Session Weakness DNS Change	30.04.2026	9.3
CVE-2018-25317	Tenda W3002R/A302/W309R V5.07.64_en Cookie Session Weakness DNS Change	30.04.2026	9.3
CVE-2018-25318	Tenda FH303/A300 V5.07.68_EN Cookie Session Weakness DNS Change	30.04.2026	9.3
CVE-2026-30893	Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer	29.04.2026	9
CVE-2026-26015	Unauthenticated RCE in DocsGPT MCP STDIO Configuration	30.04.2026	10
CVE-2026-41940	WebPros cPanel and WHM Authentication Bypass via Login Flow	04.05.2026	9.3
CVE-2026-5166	Path Traversal in TUBITAK BILGEM's Pardus Software Center	04.05.2026	9.6

Latest Updates

CVE	Title	Updated	Score
CVE-2026-23926	Stored XSS vulnerability in Host navigator widget maintenance tooltip	06.05.2026
CVE-2026-23927	Agent 2 Oracle plugin TNS connection string injection via the 'service' parameter	06.05.2026
CVE-2026-23928	Stored XSS vulnerability in the Item history/Plain text widget	06.05.2026
CVE-2026-35253		06.05.2026	4.7
CVE-2026-35254		06.05.2026	6.1
CVE-2026-6344	Fluent Forms <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal in Email Attachment	06.05.2026	4.9
CVE-2026-6672	Affiliate Program Suite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via slicewp_affiliate_url Shortcode	06.05.2026	6.4
CVE-2026-7332	LatePoint <= 5.5.0 - Unauthenticated Stored Cross-Site Scripting via 'booking_form_page_url' Parameter	06.05.2026	7.2
CVE-2026-7448	LatePoint <= 5.5.0 - Unauthenticated Stored Cross-Site Scripting via 'first_name' Parameter	06.05.2026	7.2
CVE-2026-7457	LatePoint <= 5.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Customer Cabinet Profile Update	06.05.2026	6.4
CVE-2026-7841	GV-ASWeb Remote Code Execution (RCE) vulnerability	06.05.2026	8.8
CVE-2026-2306	Ninja Tables <= 5.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Table Creation	06.05.2026	4.3
CVE-2026-3208	Mercado Pago payments for WooCommerce <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure	06.05.2026	5.3
CVE-2026-5753	All-in-One WP Migration Unlimited Extension <= 2.83 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Backup Schedule Creation and Backup File Download	06.05.2026	6.5
CVE-2026-7572	Velociraptor EVTX Parser — Process Crash via Crafted .evtx File	06.05.2026	4.4
CVE-2026-7573	GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across all organizations	06.05.2026	5
CVE-2025-71251		06.05.2026	7.5
CVE-2025-71252		06.05.2026	7.5
CVE-2025-71253		06.05.2026	7.5
CVE-2025-71254		06.05.2026	7.5
CVE-2025-71255		06.05.2026	7.5
CVE-2025-71256		06.05.2026	7.5
CVE-2026-44405		05.05.2026	3.4
CVE-2026-28780	Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()	05.05.2026
CVE-2026-40075	OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet	05.05.2026
CVE-2026-40110	jupyter-server CORS origin validation bypass via unanchored regex in allow_origin_pat	05.05.2026
CVE-2026-40934	jupyter-server authentication cookies remain valid after password reset due to static cookie secret	05.05.2026
CVE-2026-39849	Pi-hole FTL remote code execution via newline injection in dns.interface configuration	05.05.2026
CVE-2026-39852	Quarkus authorization bypass via semicolon path normalization inconsistency	05.05.2026
CVE-2026-40068	Claude Code arbitrary code execution via git worktree commondir trust dialog bypass	05.05.2026
CVE-2026-35579	CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports	05.05.2026
CVE-2026-39383	Gotenberg unauthenticated blind SSRF via unfiltered webhook URL	05.05.2026
CVE-2026-39402	lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion	05.05.2026
CVE-2026-41950	Dify < 1.14.0 Authorization Bypass via File UUID	05.05.2026
CVE-2026-35527	Incus blind SSRF via image import preflight HEAD request	05.05.2026
CVE-2024-52911		05.05.2026
CVE-2026-34458	Sandboxie-Plus privilege escalation via INI CRLF injection bypassing EditAdminOnly	05.05.2026
CVE-2026-34459	Sandboxie-Plus sandbox escape via uninitialized memory leak and stack overflow in GetRawInputDeviceInfoSlave	05.05.2026
CVE-2026-34461	Sandboxie-Plus SbieIniServer RunSbieCtrl stack buffer overflow allows local privilege escalation	05.05.2026
CVE-2026-34462	Sandboxie-Plus ProcessServer boxname stack buffer overflows via unterminated wide string copy	05.05.2026
CVE-2026-34464	Sandboxie-Plus NamedPipeServer OpenHandler stack overflow via unterminated server field	05.05.2026
CVE-2026-34527	Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction	05.05.2026
CVE-2026-34596	Sandboxie-Plus local privilege escalation via TOCTOU race condition in UpdUtil addon installation	05.05.2026
CVE-2026-35397	jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix	05.05.2026
CVE-2026-35453	PhpSpreadsheet XSS via number format text substitution in HTML Writer	05.05.2026
CVE-2026-38947		05.05.2026
CVE-2026-40280	Gotenberg SSRF via case-insensitive URL scheme bypass in webhook and downloadFrom deny-lists	05.05.2026
CVE-2026-40329	SQL Injection vulnerability via sortBy in beanFeed	05.05.2026
CVE-2026-40330	Masa CMS SQL injection via sortDirection parameter in beanFeed	05.05.2026
CVE-2026-40331	Masa CMS unauthenticated SQL injection via altTable parameter in JSON API	05.05.2026
CVE-2026-44331		05.05.2026	8.1
CVE-2026-31893	Tunnelblick arbitrary file read via symlink following in tunnelblickd	05.05.2026
CVE-2026-32603	Sandboxie kernel driver denial of service via malformed IOCTL from sandboxed process	05.05.2026
CVE-2026-32699	FacturaScripts unauthorized modification of immutable nick field via EditUser controller	05.05.2026
CVE-2026-32934	CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service	05.05.2026
CVE-2026-32936	CoreDNS DoH GET path missing size validation causes CPU and memory amplification	05.05.2026
CVE-2026-33190	CoreDNS TSIG authentication bypass on encrypted DNS transports	05.05.2026
CVE-2026-33324	SQLBot prompt injection allows arbitrary SQL execution and remote code execution	05.05.2026
CVE-2026-33420	Vaultwarden missing authorization check allows Manager-role users to enumerate all collections	05.05.2026
CVE-2026-33489	CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison	05.05.2026
CVE-2026-33975	twenty-server SSRF protection bypass via IPv4-mapped IPv6 address normalization	05.05.2026
CVE-2026-34084	PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load	05.05.2026
CVE-2026-7856	D-Link DI-8100 Web Management url_member.asp buffer overflow	05.05.2026
CVE-2026-7857	D-Link DI-8100 CGI user_group.asp sprintf buffer overflow	05.05.2026
CVE-2026-27960	OpenCTI privilege escalation and unauthenticated access via default admin account	05.05.2026	9.8
CVE-2026-30923	libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings	05.05.2026
CVE-2026-31835	Vaultwarden WebAuthn credential metadata tampered before signature verification	05.05.2026
CVE-2026-7855	D-Link DI-8100 HTTP Request tggl.asp tggl_asp buffer overflow	05.05.2026
CVE-2026-38428		05.05.2026
CVE-2026-42997		06.05.2026	7.7
CVE-2026-7854	D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow	05.05.2026
CVE-2026-7851	D-Link DI-8100 yyxz.asp sprintf stack-based overflow	05.05.2026
CVE-2026-7853	D-Link DI-8100 HTTP auto_reboot.asp sprintf buffer overflow	05.05.2026
CVE-2026-25243	redis-server RESTORE invalid memory access may allow remote code execution	06.05.2026
CVE-2026-25588	RedisTimeSeries RESTORE invalid memory access may allow remote code execution	05.05.2026
CVE-2026-25589	RedisBloom RESTORE invalid memory access may allow remote code execution	05.05.2026
CVE-2026-23479	redis-server use-after-free in unblock client flow may allow remote code execution	06.05.2026
CVE-2026-23631	redis-server Lua use-after-free may allow remote code execution	06.05.2026
CVE-2026-38429		05.05.2026
CVE-2026-38431		05.05.2026
CVE-2026-38432		05.05.2026
CVE-2026-43002		06.05.2026	5.3
CVE-2026-7847	chatchat-space Langchain-Chatchat Uploaded File openai_routes.py _get_file_id random values	05.05.2026
CVE-2025-52206		05.05.2026
CVE-2025-61669	jupyter_server next parameter open redirect can redirect users to external domains	05.05.2026
CVE-2025-66369		05.05.2026
CVE-2026-31195		05.05.2026
CVE-2026-31196		05.05.2026
CVE-2026-32689	Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix	05.05.2026
CVE-2026-34000	Xwayland: xorg: x.org x server: information disclosure and denial of service via out-of-bounds read in xkb geometry processing.	05.05.2026
CVE-2026-34002	Xorg: xwayland: x.org x server: information disclosure or denial of service via out-of-bounds read in xkb modifier map handling	05.05.2026
CVE-2026-34956	Openvswitch: open vswitch: denial of service via malformed ftp epasv command	05.05.2026
CVE-2026-35192	Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST	05.05.2026
CVE-2026-39103		05.05.2026
CVE-2026-43059	Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers	05.05.2026
CVE-2026-43060	netfilter: nft_ct: drop pending enqueued packets on removal	05.05.2026
CVE-2026-43061	serial: 8250: Fix TX deadlock when using DMA	05.05.2026
CVE-2026-43062	Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp()	05.05.2026
CVE-2026-43063	xfs: don't irele after failing to iget in xfs_attri_recover_work	05.05.2026
CVE-2026-43064	dmaengine: idxd: Fix not releasing workqueue on .release()	05.05.2026
CVE-2026-43065	ext4: always drain queued discard work in ext4_mb_release()	05.05.2026
CVE-2026-43066	ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths	05.05.2026
CVE-2026-43067	ext4: handle wraparound when searching for blocks for indirect mapped blocks	05.05.2026
CVE-2026-43068	ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()	05.05.2026
CVE-2026-43069	Bluetooth: hci_ll: Fix firmware leak on error path	05.05.2026
CVE-2026-43070	bpf: Reset register ID for BPF_END value tracking	05.05.2026
CVE-2026-43071	dcache: Limit the minimal number of bucket to two	05.05.2026
CVE-2026-43072	drm/vc4: platform_get_irq_byname() returns an int	05.05.2026
CVE-2026-43073	x86-64: rename misleadingly named '__copy_user_nocache()' function	05.05.2026
CVE-2026-5766	Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass	05.05.2026
CVE-2026-6907	Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware	05.05.2026
CVE-2026-7411		05.05.2026	10
CVE-2026-7412		05.05.2026	8.6
CVE-2026-7844	chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication	05.05.2026
CVE-2026-7845	chatchat-space Langchain-Chatchat Vision Chat Paste Image dialogue.py PIL.Image.tobytes weak hash	05.05.2026
CVE-2026-7846	chatchat-space Langchain-Chatchat OpenAI-Compatible File Upload API openai_routes.py files toctou	05.05.2026
CVE-2026-7865	Hidden Console Command	05.05.2026
CVE-2026-29168	Apache HTTP Server: mod_md unrestricted OCSP response	05.05.2026
CVE-2026-34408		05.05.2026
CVE-2026-36355		05.05.2026
CVE-2026-36356		05.05.2026
CVE-2026-4304	WeePie Cookie Allow <= 3.4.11 - Unauthenticated SQL Injection via 'consent' Parameter	05.05.2026	7.5
CVE-2026-7778	runZero Platform dashboard configuration exposure	05.05.2026	5
CVE-2026-7834	EFM ipTIME NAS1dual misc_main.cgi get_csrf_whites stack-based overflow	05.05.2026
CVE-2026-27644	traccar allows CSV formula injection via exported position data	05.05.2026	6.5
CVE-2026-27693	traccar allows XML injection in KML and GPX exports	05.05.2026	5.4
CVE-2026-27694	traccar allows stored HTML injection in notification emails	05.05.2026	5.4
CVE-2026-28510	elabftw allows MFA bypass during login	05.05.2026	5.9
CVE-2026-30246	github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters	05.05.2026	6.5
CVE-2026-6918		05.05.2026
CVE-2026-7832	IObit Advanced SystemCare Service ASC.exe symlink	05.05.2026
CVE-2026-7833	EFM ipTIME C200 ApplyRestore Endpoint iux_set.cgi sub_408F90 command injection	05.05.2026
CVE-2023-54342	Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution	05.05.2026
CVE-2023-54344	Eclipse Equinox OSGi 3.7.2 Remote Code Execution via Console	05.05.2026
CVE-2023-54345	Frappe Framework ERPNext 13.4.0 Remote Code Execution	05.05.2026
CVE-2023-54346	WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download	05.05.2026
CVE-2023-54347	OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass	05.05.2026
CVE-2023-54348	ERPGo SaaS 3.9 CSV Injection via Vendor Creation	05.05.2026
CVE-2023-54349	AmazCart CMS 3.4 Reflected Cross-Site Scripting via Search	05.05.2026
CVE-2026-42433	OpenClaw < 2026.4.10 - Unauthorized Matrix Profile Config Persistence Access via operator.write Message Tools	05.05.2026
CVE-2026-42434	OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing	05.05.2026
CVE-2026-42435	OpenClaw 2026.2.22 < 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable Assignment Injection	05.05.2026
CVE-2026-42436	OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes	05.05.2026
CVE-2026-42437	OpenClaw 2026.4.9 < 2026.4.10 - Denial of Service via Oversized WebSocket Frames in Voice-call Realtime Path	05.05.2026
CVE-2026-42438	OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads	05.05.2026
CVE-2026-42439	OpenClaw < 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes	05.05.2026
CVE-2026-43526	OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling	05.05.2026
CVE-2026-43527	OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation	05.05.2026
CVE-2026-43528	OpenClaw < 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases	05.05.2026
CVE-2026-43529	OpenClaw < 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator	05.05.2026
CVE-2026-43530	OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution	05.05.2026
CVE-2026-43531	OpenClaw < 2026.4.9 - Environment Variable Injection via Workspace .env File	05.05.2026
CVE-2026-43532	OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image	05.05.2026
CVE-2026-43533	OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags	05.05.2026
CVE-2026-43534	OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events	05.05.2026
CVE-2026-43535	OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches	05.05.2026
CVE-2026-43566	OpenClaw 2026.4.7 < 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events	05.05.2026
CVE-2026-43567	OpenClaw < 2026.4.10 - Path Traversal in screen_record outPath Parameter	05.05.2026
CVE-2026-43568	OpenClaw 2026.4.5 < 2026.4.10 - Privilege Escalation via Memory Dreaming Configuration in /dreaming Endpoint	05.05.2026
CVE-2026-43569	OpenClaw < 2026.4.9 - Untrusted Provider Plugin Auto-enablement via Workspace Provider Auth	05.05.2026
CVE-2026-43570	OpenClaw 2026.3.22 < 2026.4.5 - Symlink Traversal in Remote Marketplace Repository Path Handling	05.05.2026
CVE-2026-43571	OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup	05.05.2026
CVE-2026-43572	OpenClaw 2026.4.10 < 2026.4.14 - Missing Sender Authorization in Microsoft Teams SSO Invoke Handler	05.05.2026
CVE-2026-43573	OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes	05.05.2026
CVE-2026-43574	OpenClaw < 2026.4.12 - Improper Authorization via Empty Approver Lists	05.05.2026
CVE-2026-6261	Betheme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution via Icon Pack Upload	05.05.2026	8.8
CVE-2026-6262	Betheme <= 28.4 - Authenticated (Contributor+) Arbitrary File Deletion via 'mfn-icon-upload'	05.05.2026	6.5
CVE-2025-42611	Improper certificate validation in multiple RouterOS services	05.05.2026	6.5
CVE-2026-6322	fast-uri vulnerable to host confusion via percent-encoded authority delimiters	05.05.2026	7.5