CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-1950 No checking of the length of the buffer with the file name in AS320T 24.04.2026 9.8
CVE-2026-1951 No checking of the length of the buffer with the directory name in AS320T 24.04.2026 9.8
CVE-2026-1952 Denial of service via the undocumented subfunction in AS320T 24.04.2026 9.8
CVE-2026-1949 Incorrect calculation of buffer size on the stack in AS320T 24.04.2026 9.8
CVE-2026-25775 SenseLive X3050 Missing authentication for critical function 24.04.2026 9.3
CVE-2026-27843 SenseLive X3050 Missing authentication for critical function 23.04.2026 9.2
CVE-2026-35503 SenseLive X3050 Use of Hard-coded Credentials 23.04.2026 9.3
CVE-2026-39462 SenseLive X3050 Insufficiently Protected Credentials 23.04.2026 9.3
CVE-2026-40620 SenseLive X3050 Missing authentication for critical function 24.04.2026 9.3
CVE-2026-40630 SenseLive X3050 Authentication bypass using an alternate path or channel 23.04.2026 9.3
CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability 23.04.2026 9.6
CVE-2026-32210 Microsoft Dynamics 365 (online) Spoofing Vulnerability 23.04.2026 9.3
CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability 23.04.2026 9.3
CVE-2026-33819 Microsoft Bing Remote Code Execution Vulnerability 23.04.2026 10
CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability 23.04.2026 10
CVE-2026-26210 KTransformers Unsafe Deserialization RCE via balance_serve 23.04.2026 9.3
CVE-2026-41274 Flowise: Cypher Injection in GraphCypherQAChain 23.04.2026 9.3
CVE-2026-6942 radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass 23.04.2026 9.3
CVE-2026-25874 LeRobot Unsafe Deserialization Remote Code Execution via gRPC 23.04.2026 9.3
CVE-2026-41264 Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability 23.04.2026 9.2
CVE-2026-41265 Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability 23.04.2026 9.2
CVE-2026-41137 Flowise: Code Injection in CSVAgent leads to Authenticated RCE 23.04.2026 9.4
CVE-2026-6074 Path traversal: '.../...//' in Intrado 911 Emergency Gateway (EGW) 23.04.2026 9.3
CVE-2025-62373 Pipecat vulnerable to Remote Code Execution by Pickle Deserialization via LivekitFrameSerializer 23.04.2026 9.8
CVE-2026-23751 Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting 23.04.2026 9.3
CVE-2026-40470 Hackage package and doc upload stored XSS vulnerability 23.04.2026 9.9
CVE-2026-40471 Hackage CSRF vulnerability 23.04.2026 9.6
CVE-2026-40472 Hackage package metadata stored XSS vulnerability 23.04.2026 9.9
CVE-2026-41460 SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall 23.04.2026 9.3
CVE-2026-39440 WordPress FunnelFormsPro plugin <= 3.8.1 - Remote Code Execution (RCE) vulnerability 23.04.2026 9.9
CVE-2026-6885 BorG Technology Corporation|Borg SPM 2007 - Arbitrary File Upload 23.04.2026 9.3
CVE-2026-6886 BorG Technology Corporation|Borg SPM 2007 - Authentication Bypass 23.04.2026 9.3
CVE-2026-6887 BorG Technology Corporation|Borg SPM 2007 - SQL Injection 23.04.2026 9.3
CVE-2026-41228 Froxlor has Local File Inclusion via path traversal in API `def_language` parameter that leads to Remote Code Execution 23.04.2026 10
CVE-2026-41229 Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API) 23.04.2026 9.1
CVE-2026-3844 Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote 23.04.2026 9.8
CVE-2026-41196 Luanti has a mod security sandbox escape 23.04.2026 9
CVE-2026-41197 Brillig: Heap corruption in foreign call results with nested tuple arrays 23.04.2026 9.3
CVE-2026-41679 Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass 23.04.2026 10
CVE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution 23.04.2026 9.2
CVE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution 23.04.2026 9.2
CVE-2026-41167 Jellystat has SQL Injection that leads to Remote Code Execution 23.04.2026 9.1
CVE-2026-33656 EspoCRM vulnerable to authenticated RCE via Formula with path traversal in attachment `sourceId`, exploitable by admin user 23.04.2026 9.1
CVE-2026-33471 nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation 23.04.2026 9.6
CVE-2026-34415 Xerte Online Toolkits File Upload RCE via elfinder Connector 22.04.2026 9.3
CVE-2026-41468 Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection 22.04.2026 9.3
CVE-2018-25270 ThinkPHP 5.0.23 Remote Code Execution via invokefunction 22.04.2026 9.3
CVE-2018-25272 ELBA5 5.8.0 Remote Code Execution via Database Access 22.04.2026 9.3
CVE-2026-4119 Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion via admin-post.php 22.04.2026 9.1
CVE-2026-6235 Sendmachine for WordPress <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation via manage_admin_requests 23.04.2026 9.8
CVE-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing 22.04.2026 9.1
CVE-2026-41064 AVideo has an incomplete fix for CVE-2026-33502 (Command Injection) 22.04.2026 9.3
CVE-2026-40946 Oxia: OIDC token audience validation bypass via SkipClientIDCheck 22.04.2026 9.2
CVE-2026-40933 Flowise: Authenticated RCE Via MCP Adapters 22.04.2026 10
CVE-2026-33518 Incorrect privilege assignment in Portal for ArcGIS 23.04.2026 9.8
CVE-2026-33519 Incorrect privilege assignment in Portal for ArcGIS 23.04.2026 9.8
CVE-2026-34275 22.04.2026 9.8
CVE-2026-34279 22.04.2026 9.1
CVE-2026-34285 22.04.2026 9.1
CVE-2026-34286 22.04.2026 9.1
CVE-2026-34287 23.04.2026 9.1
CVE-2026-40906 Electric: SQL Injection via ORDER BY Parameter in Shape API 22.04.2026 10
CVE-2026-40911 WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks 22.04.2026 10
CVE-2026-40884 goshs: Empty-username SFTP password authentication bypass in goshs 22.04.2026 9.8
CVE-2026-40903 Goshs - ArtiPACKED Vulnerability – GitHub Actions Credential Persistence 22.04.2026 9.1
CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability 23.04.2026 9.1
CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field 22.04.2026 9.3
CVE-2026-40887 @vendure/core has a SQL Injection vulnerability 22.04.2026 9.1
CVE-2026-41193 FreeScout has Zip Slip path traversal in module installation that allows arbitrary file write leading to RCE 21.04.2026 9.1
CVE-2026-21571 23.04.2026 9.4
CVE-2026-40050 CrowdStrike LogScale Unauthenticated Path Traversal 21.04.2026 9.8
CVE-2026-40569 FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration 21.04.2026 9
CVE-2026-40576 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server 21.04.2026 9.4
CVE-2026-5652 Authorization Bypass Through User-Controlled Key in Crafty Controller 21.04.2026 9
CVE-2019-25714 Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet 21.04.2026 9.3
CVE-2025-41029 SQL injection in Zeon Academy Pro by Zeon Global Tech 21.04.2026 9.3
CVE-2026-5965 NewSoft|NewSoftOA - OS Command Injection 21.04.2026 9.3
CVE-2026-41329 OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner Escalation 21.04.2026 9
CVE-2026-32604 Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths 23.04.2026 10
CVE-2026-32613 Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling 23.04.2026 10
CVE-2026-32311 Command Injection and Docker container escape allows root on host machine 21.04.2026 9.3
CVE-2026-6257 Vvveb CMS v1.0.8 Remote Code Execution via Media Management 21.04.2026 9.2
CVE-2026-24467 OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise 20.04.2026 9.1
CVE-2026-39918 Vvveb < 1.0.8.1 Code Injection via Installation Endpoint 20.04.2026 9.2
CVE-2026-5963 Digiwin|EasyFlow .NET - SQL Injection 20.04.2026 9.3
CVE-2026-5964 Digiwin|EasyFlow .NET - SQL Injection 20.04.2026 9.3
CVE-2026-6644 A command injection vulnerability was found in the PPTP VPN Clients on the ADM 20.04.2026 9.4
CVE-2026-32956 20.04.2026 9.3
CVE-2026-41242 protobufjs has an arbitrary code execution issue 20.04.2026 9.4
CVE-2026-40492 SAIL has heap buffer overflow in XWD decoder — bits_per_pixel vs pixmap_depth type confusion in byte-swap 20.04.2026 9.8
CVE-2026-40493 SAIL has heap buffer overflow in PSD decoder — bpp mismatch in LAB 16-bit mode 20.04.2026 9.8
CVE-2026-40494 SAIL has heap buffer overflow in TGA RLE decoder — raw packet path missing bounds check 20.04.2026 9.8
CVE-2026-40317 NovumOS has Privilege Escalation in the Syscall Interface 20.04.2026 9.4
CVE-2026-40572 NovumOS has Arbitrary Memory Mapping via Syscall 15 (MemoryMapRange) 20.04.2026 9
CVE-2026-40484 ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function 20.04.2026 9.1
CVE-2026-40324 Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents 20.04.2026 9.1
CVE-2026-40582 ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout 20.04.2026 9.1
CVE-2026-40477 Improper restriction of the scope of accessible objects in Thymeleaf expressions 22.04.2026 9.1
CVE-2026-40478 Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf 22.04.2026 9.1
CVE-2026-40258 Gramps Web API has Zip Slip Path Traversal in Media Archive Import 20.04.2026 9.1
CVE-2026-40351 FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass 20.04.2026 9.8
CVE-2026-23500 Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration 18.04.2026 9.4
CVE-2026-32105 xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode 20.04.2026 9.3
CVE-2026-35546 Anviz Products Missing Authentication for Critical Function 17.04.2026 9.8
CVE-2026-40342 Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution 22.04.2026 10
CVE-2026-40525 OpenViking < 0.3.9 Authentication Bypass via VikingBot OpenAPI 21.04.2026 9.1
CVE-2026-6284 Horner Automation Cscape and XL4, XL7 PLC Weak password requirements 20.04.2026 9.3

Latest Updates

CVE Title Updated Score
CVE-2025-11762 HubSpot All-In-One Marketing - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure 24.04.2026 4.3
CVE-2026-3565 Taqnix <= 1.0.3 - Cross-Site Request Forgery to Account Deletion via 'taqnix_delete_my_account' AJAX Action 24.04.2026 4.3
CVE-2026-3569 Liaison Site Prober <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint 24.04.2026 5.3
CVE-2026-4078 ITERAS <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes 24.04.2026 6.4
CVE-2026-1950 No checking of the length of the buffer with the file name in AS320T 24.04.2026 9.8
CVE-2026-1951 No checking of the length of the buffer with the directory name in AS320T 24.04.2026 9.8
CVE-2026-1952 Denial of service via the undocumented subfunction in AS320T 24.04.2026 9.8
CVE-2026-1949 Incorrect calculation of buffer size on the stack in AS320T 24.04.2026 9.8
CVE-2026-5347 WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter 24.04.2026 5.3
CVE-2026-5364 Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass 24.04.2026 8.1
CVE-2026-5428 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field 24.04.2026 6.4
CVE-2026-6810 Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover 24.04.2026 5.3
CVE-2026-2028 Maxi Blocks <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion via 'old_media_src' Parameter 24.04.2026 5.3
CVE-2026-41068 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix) 24.04.2026 7.7
CVE-2026-41318 AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component 24.04.2026 5.4
CVE-2026-41319 MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade 24.04.2026 6.5
CVE-2026-41323 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL 24.04.2026 8.1
CVE-2026-41324 basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list() 24.04.2026 7.5
CVE-2026-41430 Press vulnerable to reflected XSS on login redirection 24.04.2026
CVE-2026-41485 Kyverno Controller Denial of Service via forEach Mutation Panic 24.04.2026 7.7
CVE-2026-5488 ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token' 24.04.2026 5.3
CVE-2026-6393 BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage 24.04.2026 4.3
CVE-2026-6947 D-Link|DWM-222W USB Wi-Fi Adapter - Brute-Force Protection Bypass 24.04.2026
CVE-2026-32952 go-ntlmssp NTLM challenges can panic on malformed payloads 24.04.2026 5.3
CVE-2026-33076 Roxy-WI vulnerable to path traversal and arbitrary file writing 24.04.2026
CVE-2026-33077 Roxy-WI has an arbitrary file read vulnerability 24.04.2026
CVE-2026-33078 Roxy-WI has SQL Injection in haproxy_section_save Endpoint via Unsanitized server_ip Parameter 24.04.2026
CVE-2026-33208 Roxy-WI Vulnerable to Authenticated Remote Code Execution via OS Command Injection in find-in-config Endpoint 24.04.2026
CVE-2026-33317 OP-TEE: PKCS#11 TA out-of-bounds read and memory disclosure 24.04.2026 8.7
CVE-2026-33318 Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers 24.04.2026 8.8
CVE-2026-40254 FreeRDP: contains_dotdot() off-by-one allows drive channel path traversal via terminal .. 24.04.2026 4.2
CVE-2026-41305 PostCSS has XSS via Unescaped </style> in its CSS Stringify Output 24.04.2026 6.1
CVE-2026-41309 Open Source Social Network (OSSN) Vulnerable to Resource Exhaustion via Malicious Image Processing 24.04.2026 8.2
CVE-2026-41316 ERB has an @_init deserialization guard bypass via def_module / def_method / def_class 24.04.2026 8.1
CVE-2026-41317 Frappe Press has an unsafe HTTP method / CSRF-adjacent issue on API secret generation 24.04.2026
CVE-2026-31953 Xibo CMS has Stored XSS via Notification Body with Zero-Click Execution on Login 24.04.2026 6.4
CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality 24.04.2026 4.9
CVE-2026-31956 Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization 24.04.2026 4.3
CVE-2026-32870 Kirby has XML injection in its XML creator toolkit 24.04.2026
CVE-2026-34587 Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering 24.04.2026
CVE-2026-40099 Kirby's page creation API bypasses the changeStatus permission check via unfiltered isDraft parameter 24.04.2026
CVE-2026-41325 Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection 24.04.2026
CVE-2026-25775 SenseLive X3050 Missing authentication for critical function 24.04.2026
CVE-2026-27841 SenseLive X3050 Cross-Site request forgery 24.04.2026
CVE-2026-27843 SenseLive X3050 Missing authentication for critical function 23.04.2026
CVE-2026-29050 melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses 23.04.2026 6.1
CVE-2026-29051 melange has Path Traversal via .PKGINFO in --persist-lint-results 24.04.2026 4.4
CVE-2026-31952 Xibo CMS API has SQL Injection via DataSet Filter Parameter 24.04.2026 7.6
CVE-2026-35064 SenseLive X3050 Missing authentication for critical function 24.04.2026
CVE-2026-35503 SenseLive X3050 Use of Hard-coded Credentials 23.04.2026
CVE-2026-39462 SenseLive X3050 Insufficiently Protected Credentials 23.04.2026
CVE-2026-40431 SenseLive X3050 Cleartext transmission of sensitive information 23.04.2026
CVE-2026-40620 SenseLive X3050 Missing authentication for critical function 24.04.2026
CVE-2026-40623 SenseLive X3050 Missing Authorization 23.04.2026
CVE-2026-1789 23.04.2026 4.9
CVE-2026-25720 SenseLive X3050 Insufficient session expiration 23.04.2026
CVE-2026-40630 SenseLive X3050 Authentication bypass using an alternate path or channel 23.04.2026
CVE-2026-29197 23.04.2026
CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document 23.04.2026
CVE-2026-41332 OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist 23.04.2026
CVE-2026-41333 OpenClaw < 2026.3.31 - Authentication Rate Limiting Bypass via Fake DeviceToken 23.04.2026
CVE-2026-41334 OpenClaw < 2026.3.31 - Decompression Bomb Denial of Service via Image Pixel-Limit Guard Bypass 23.04.2026
CVE-2026-41335 OpenClaw < 2026.3.31 - Information Disclosure via Control UI Bootstrap JSON 23.04.2026
CVE-2026-41336 OpenClaw < 2026.3.31 - Arbitrary Hook Code Execution via OPENCLAW_BUNDLED_HOOKS_DIR Environment Variable Override 23.04.2026
CVE-2026-41337 OpenClaw < 2026.3.31 - Callback Origin Mutation in Plivo Voice-call Replay 23.04.2026
CVE-2026-41338 OpenClaw < 2026.3.31 - Time-of-Check-Time-of-Use (TOCTOU) Vulnerability in Sandbox File Operations 23.04.2026
CVE-2026-41339 OpenClaw < 2026.4.2 - Information Disclosure via Gateway Connect Snapshot 23.04.2026
CVE-2026-41340 OpenClaw < 2026.3.31 - Authentication Boundary Bypass via Telegram Legacy allowFrom Migration 23.04.2026
CVE-2026-41341 OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension 23.04.2026
CVE-2026-41342 OpenClaw < 2026.3.28 - Unauthenticated Discovery Endpoint Credential Exfiltration via Remote Onboarding 23.04.2026
CVE-2026-41343 OpenClaw < 2026.3.31 - Denial of Service via LINE Webhook Handler Pre-Auth Concurrency 23.04.2026
CVE-2026-41344 OpenClaw < 2026.3.28 - Privilege Escalation via chat.send /verbose Parameter 23.04.2026
CVE-2026-41345 OpenClaw < 2026.3.31 - Authorization Header Leak via Cross-Origin Redirect in Media Download 23.04.2026
CVE-2026-41346 OpenClaw 2026.2.26 < 2026.3.31 - Denial of Service via Improper Pending Pairing Request Cap Enforcement 23.04.2026
CVE-2026-41347 OpenClaw < 2026.3.31 - Cross-Site Request Forgery via Missing Browser-Origin Validation in HTTP Operator Endpoints 23.04.2026
CVE-2026-41348 OpenClaw < 2026.3.31 - Group DM Channel Allowlist Bypass via Discord Slash Commands 23.04.2026
CVE-2026-41349 OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch 23.04.2026
CVE-2026-41350 OpenClaw < 2026.3.31 - Session Visibility Bypass via session_status in Unsandboxed Invocations 23.04.2026
CVE-2026-41351 OpenClaw < 2026.3.31 - Webhook Replay Detection Bypass via Base64 Signature Re-encoding 23.04.2026
CVE-2026-41352 OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass 23.04.2026
CVE-2026-41353 OpenClaw < 2026.3.22 - allowProfiles Bypass via Profile Mutation and Runtime Selection 23.04.2026
CVE-2026-41354 OpenClaw < 2026.4.2 - Insufficient Scope in Zalo Webhook Replay Dedupe Keys 23.04.2026
CVE-2026-41355 OpenShell < 2026.3.28 - Arbitrary Code Execution via Mirror Mode Sandbox File Conversion 23.04.2026
CVE-2026-41356 OpenClaw < 2026.3.31 - Incomplete WebSocket Session Termination in device.token.rotate 23.04.2026
CVE-2026-41357 OpenClaw < 2026.3.31 - Unsanitized Environment Variable Leakage in SSH Sandbox Backends 23.04.2026
CVE-2026-41358 OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context 23.04.2026
CVE-2026-41359 OpenClaw < 2026.3.28 - Privilege Escalation via operator.write to Admin-Class Telegram Config and Cron Persistence 23.04.2026
CVE-2026-41360 OpenClaw < 2026.4.2 - Approval Integrity Bypass in pnpm dlx Local Script Binding 23.04.2026
CVE-2026-41361 OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges 23.04.2026
CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability 23.04.2026 9.6
CVE-2026-26150 Microsoft Purview eDiscovery Elevation of Privilege Vulnerability 23.04.2026 8.6
CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers 23.04.2026
CVE-2026-32172 Microsoft Power Apps Remote Code Execution Vulnerability 23.04.2026 8
CVE-2026-32210 Microsoft Dynamics 365 (online) Spoofing Vulnerability 23.04.2026 9.3
CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability 23.04.2026 9.3
CVE-2026-33819 Microsoft Bing Remote Code Execution Vulnerability 23.04.2026 10
CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability 23.04.2026 10
CVE-2026-26210 KTransformers Unsafe Deserialization RCE via balance_serve 23.04.2026
CVE-2026-41274 Flowise: Cypher Injection in GraphCypherQAChain 23.04.2026
CVE-2026-28525 SWUpdate Integer Underflow in Multipart Upload Parser 23.04.2026
CVE-2026-6942 radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass 23.04.2026
CVE-2026-6375 Authorization bypass through User-Controlled key in SpiceJet Online Booking System 23.04.2026
CVE-2026-6376 Missing authentication for critical function in SpiceJet Online Booking System 23.04.2026
CVE-2026-6940 radare2 < 6.1.4 Project Deletion Path Traversal Directory Deletion 23.04.2026
CVE-2026-6941 radare2 < 6.1.4 Project Notes Path Traversal via Symlink 23.04.2026
CVE-2026-25874 LeRobot Unsafe Deserialization Remote Code Execution via gRPC 23.04.2026
CVE-2026-41264 Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability 23.04.2026
CVE-2026-41265 Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability 23.04.2026
CVE-2026-41276 Flowise: AccountService resetPassword Authentication Bypass Vulnerability 23.04.2026
CVE-2026-41277 Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR) 23.04.2026
CVE-2026-41278 Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs 23.04.2026
CVE-2026-41279 Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials 23.04.2026
CVE-2026-41137 Flowise: Code Injection in CSVAgent leads to Authenticated RCE 23.04.2026
CVE-2026-41138 Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. 23.04.2026
CVE-2026-41266 Flowise: Sensitive Data Leak in public-chatbotConfig 23.04.2026
CVE-2026-41267 Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association 23.04.2026 8.1
CVE-2026-41268 Flowise: Flowise Parameter Override Bypass Remote Command Execution 23.04.2026
CVE-2026-41269 Flowise: File Upload Validation Bypass in createAttachment 23.04.2026 7.1
CVE-2026-41270 Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox 23.04.2026 7.1
CVE-2026-41271 Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains 23.04.2026
CVE-2026-41272 Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure) 23.04.2026 7.1
CVE-2026-41273 Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow 23.04.2026
CVE-2026-41275 Flowise: Password Reset Link Sent Over Unsecured HTTP 23.04.2026
CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup 23.04.2026
CVE-2026-41246 Contour: Lua code injection via Cookie Path Rewrite Policy 23.04.2026 8.1
CVE-2026-41247 elFinder: Command injection in resize background color parameter when using ImageMagick CLI 23.04.2026
CVE-2026-41259 Mastodon: Insufficient verification of email addresses 23.04.2026
CVE-2026-31162 23.04.2026
CVE-2026-31163 23.04.2026
CVE-2026-31166 23.04.2026
CVE-2026-31167 23.04.2026
CVE-2026-31168 23.04.2026
CVE-2026-31169 23.04.2026
CVE-2026-31173 23.04.2026
CVE-2026-33694 Junction File Manipulation 24.04.2026
CVE-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller 23.04.2026 7.7
CVE-2026-40894 OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers 23.04.2026 5.3
CVE-2026-41078 OpenTelemetry dotnet: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path 23.04.2026 5.9
CVE-2026-41173 Unbounded HTTP response body read in OpenTelemetry.Sampler.AWS 23.04.2026 5.9
CVE-2026-41213 @node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes 23.04.2026 5.9
CVE-2026-41241 pretalx: Stored cross-site scripting in organiser search typeahead 23.04.2026 8.7
CVE-2026-6074 Path traversal: '.../...//' in Intrado 911 Emergency Gateway (EGW) 23.04.2026
CVE-2026-31171 23.04.2026
CVE-2026-31172 23.04.2026
CVE-2026-31174 23.04.2026
CVE-2026-31175 23.04.2026
CVE-2026-40182 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies 23.04.2026 5.3
CVE-2026-40891 OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling 23.04.2026 5.3
CVE-2026-41908 OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route 23.04.2026
CVE-2026-41909 OpenClaw < 2026.4.20 - Improper Authorization in Paired-Device Pairing Actions 23.04.2026
CVE-2026-31160 23.04.2026
CVE-2026-31164 23.04.2026
CVE-2026-31165 23.04.2026
CVE-2026-31159 23.04.2026
CVE-2026-31176 23.04.2026
CVE-2026-31177 23.04.2026
CVE-2026-31178 23.04.2026
CVE-2026-31181 23.04.2026
CVE-2026-31179 23.04.2026
CVE-2026-31533 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption 23.04.2026
CVE-2026-5039 Predictable Default Cryptographic Key Used for DES Encryption in TP-Link TL-WL841N 23.04.2026
CVE-2026-6919 24.04.2026
CVE-2026-6920 24.04.2026
CVE-2026-6921 24.04.2026
CVE-2025-50229 23.04.2026
CVE-2025-62373 Pipecat vulnerable to Remote Code Execution by Pickle Deserialization via LivekitFrameSerializer 23.04.2026 9.8
CVE-2026-23751 Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting 23.04.2026
CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling 24.04.2026
CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption 24.04.2026
CVE-2026-34003 Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access 24.04.2026
CVE-2026-39087 23.04.2026
CVE-2026-40470 Hackage package and doc upload stored XSS vulnerability 23.04.2026 9.9
CVE-2026-40471 Hackage CSRF vulnerability 23.04.2026 9.6
CVE-2026-40472 Hackage package metadata stored XSS vulnerability 23.04.2026 9.9
CVE-2026-41238 DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback 23.04.2026 6.9
CVE-2026-41239 DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode 23.04.2026 6.8
CVE-2026-41240 DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix) 23.04.2026
CVE-2025-70994 23.04.2026
CVE-2026-35225 Improper timeout handling in CODESYS EtherNetIP 23.04.2026
CVE-2026-41460 SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall 23.04.2026
CVE-2026-41461 SocialEngine <= 7.8.0 Blind SSRF via /core/link/preview 23.04.2026
CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable 23.04.2026
CVE-2025-66286 Webkitgtk: authorization bypass through webpage::send-request signal handler 23.04.2026
CVE-2026-39440 WordPress FunnelFormsPro plugin <= 3.8.1 - Remote Code Execution (RCE) vulnerability 23.04.2026 9.9