CVE Field Guide

Critical CVEs

| CVE | Title | Updated | Score |
|---|---|---|---|
| CVE-2026-34458 | Sandboxie-Plus privilege escalation via INI CRLF injection bypassing EditAdminOnly | 05.05.2026 | 9.3 |
| CVE-2026-40329 | SQL Injection vulnerability via sortBy in beanFeed | 05.05.2026 | 9.3 |
| CVE-2026-40330 | Masa CMS SQL injection via sortDirection parameter in beanFeed | 05.05.2026 | 9.3 |
| CVE-2026-40331 | Masa CMS unauthenticated SQL injection via altTable parameter in JSON API | 05.05.2026 | 9.3 |
| CVE-2026-33324 | SQLBot prompt injection allows arbitrary SQL execution and remote code execution | 05.05.2026 | 9.4 |
| CVE-2026-34084 | PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load | 05.05.2026 | 9.2 |
| CVE-2026-27960 | OpenCTI privilege escalation and unauthenticated access via default admin account | 05.05.2026 | 9.8 |
| CVE-2026-7854 | D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow | 05.05.2026 | 9.3 |
| CVE-2026-7853 | D-Link DI-8100 HTTP auto_reboot.asp sprintf buffer overflow | 05.05.2026 | 9.3 |
| CVE-2026-7411 | | 05.05.2026 | 10 |
| CVE-2026-7834 | EFM ipTIME NAS1dual misc_main.cgi get_csrf_whites stack-based overflow | 05.05.2026 | 9.3 |
| CVE-2023-54342 | Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution | 05.05.2026 | 9.3 |
| CVE-2023-54344 | Eclipse Equinox OSGi 3.7.2 Remote Code Execution via Console | 05.05.2026 | 9.3 |
| CVE-2026-43534 | OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events | 05.05.2026 | 9.3 |
| CVE-2026-43566 | OpenClaw 2026.4.7 < 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events | 05.05.2026 | 9.1 |
| CVE-2026-40797 | WordPress WebinarIgnition plugin <= 4.08.253 - SQL Injection vulnerability | 05.05.2026 | 9.3 |
| CVE-2026-7823 | Totolink A8000RU cstecgi.cgi setAppFilterCfg os command injection | 05.05.2026 | 9.3 |
| CVE-2026-5294 | GeekyBot <= 1.2.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation via 'geekybot_frontendajax' AJAX Action | 05.05.2026 | 9.8 |
| CVE-2025-13618 | Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration | 05.05.2026 | 9.8 |
| CVE-2026-5722 | MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse | 05.05.2026 | 9.8 |
| CVE-2026-42238 | Unauthenticated Remote Code Execution via Backup Restore in nginx-ui | 05.05.2026 | 9 |
| CVE-2026-41922 | WDR201A WiFi Extender OS Command Injection via wireless.cgi | 04.05.2026 | 9.3 |
| CVE-2026-41923 | WDR201A WiFi Extender OS Command Injection via internet.cgi | 05.05.2026 | 9.3 |
| CVE-2026-41924 | WDR201A WiFi Extender OS Command Injection via makeRequest.cgi | 04.05.2026 | 9.3 |
| CVE-2026-41925 | WDR201A WiFi Extender OS Command Injection via adm.cgi (reboot_time) | 04.05.2026 | 9.3 |
| CVE-2026-41926 | WDR201A WiFi Extender OS Command Injection via firewall.cgi | 04.05.2026 | 9.3 |
| CVE-2026-42231 | n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE | 05.05.2026 | 9.4 |
| CVE-2026-42232 | n8n: XML Node Prototype Pollution to RCE | 05.05.2026 | 9.4 |
| CVE-2026-41571 | Note Mark: OIDC-registered users authenticated by submitting password "null" | 04.05.2026 | 9.4 |
| CVE-2026-42087 | OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base | 05.05.2026 | 9.6 |
| CVE-2026-42088 | OpenC3 COSMOS: Administrative Actions via the Script Runner Tool | 04.05.2026 | 9.6 |
| CVE-2026-42796 | Arelle < 2.39.10 Unauthenticated RCE via /rest/configure | 04.05.2026 | 9.2 |
| CVE-2026-24118 | VM2 Sandbox Breakout Through __lookupGetter__ | 04.05.2026 | 9.8 |
| CVE-2026-24120 | vm2: Sandbox Breakout Through Promise Species | 05.05.2026 | 9.8 |
| CVE-2026-24781 | vm2: Sandbox Breakout Through Inspect | 04.05.2026 | 9.8 |
| CVE-2026-25293 | Incorrect authorization in PLC FW | 05.05.2026 | 9.6 |
| CVE-2026-26332 | vm2: Sandbox Escape | 04.05.2026 | 9.8 |
| CVE-2026-26956 | vm2: WASM Sandbox Escape (Node 25 only) | 05.05.2026 | 9.8 |
| CVE-2026-42076 | Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution | 05.05.2026 | 9.8 |
| CVE-2026-42090 | Notesnook: RCE via stored XSS in note export rendering | 05.05.2026 | 9.6 |
| CVE-2026-42810 | Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names | 04.05.2026 | 9.4 |
| CVE-2026-42811 | Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions | 04.05.2026 | 9.4 |
| CVE-2026-42373 | D-Link DIR-605L B2 Hardcoded Telnet Backdoor Credentials | 05.05.2026 | 9.8 |
| CVE-2026-42374 | D-Link DIR-600L B1 Hardcoded Telnet Backdoor Credentials | 05.05.2026 | 9.8 |
| CVE-2026-42375 | D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials | 05.05.2026 | 9.8 |
| CVE-2026-42376 | D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials | 04.05.2026 | 9.8 |
| CVE-2026-42809 | Apache Polaris: staged table creation could vend storage credentials for unvalidated locations | 04.05.2026 | 9.4 |
| CVE-2026-42812 | Apache Polaris: No protection on `write.metadata.path` | 04.05.2026 | 9.4 |
| CVE-2025-13605 | Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway | 04.05.2026 | 9.3 |
| CVE-2025-14320 | XSS in Tegsoft's Online Support Application | 04.05.2026 | 9.8 |
| CVE-2026-7747 | Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow | 04.05.2026 | 9.3 |
| CVE-2026-29200 | | 04.05.2026 | 9.9 |
| CVE-2026-7719 | Totolink WA300 POST Request cstecgi.cgi loginauth buffer overflow | 05.05.2026 | 9.3 |
| CVE-2026-42364 | GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability | 05.05.2026 | 9.9 |
| CVE-2026-42368 | GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability | 05.05.2026 | 9.9 |
| CVE-2026-42369 | GeoVision GV-VMS V20 WebCam Server stack overflow vulnerability | 05.05.2026 | 10 |
| CVE-2026-42370 | GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability | 05.05.2026 | 9 |
| CVE-2026-7161 | GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability | 05.05.2026 | 9.3 |
| CVE-2026-7372 | GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability | 05.05.2026 | 9 |
| CVE-2026-4882 | User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload | 04.05.2026 | 9.8 |
| CVE-2026-7458 | User Verification by PickPlugins <= 2.0.46 - Unauthenticated Authentication Bypass via OTP Verification REST API Endpoint | 04.05.2026 | 9.8 |
| CVE-2026-37539 | | 01.05.2026 | 9.8 |
| CVE-2026-37541 | | 01.05.2026 | 10 |
| CVE-2026-37531 | | 01.05.2026 | 9.8 |
| CVE-2026-43011 | net/x25: Fix potential double free of skb | 03.05.2026 | 9.8 |
| CVE-2026-43037 | ip6_tunnel: clear skb2->cb[] in ip4ip6_err() | 03.05.2026 | 9.8 |
| CVE-2026-43038 | ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() | 03.05.2026 | 9.8 |
| CVE-2026-43039 | net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch | 03.05.2026 | 9.8 |
| CVE-2026-31705 | ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment | 03.05.2026 | 9.8 |
| CVE-2026-31718 | ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger | 03.05.2026 | 9.8 |
| CVE-2026-42778 | Apache MINA: CWE-502 Deserialization of Untrusted Data (take 2) | 02.05.2026 | 9.8 |
| CVE-2026-42779 | Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2) | 02.05.2026 | 9.8 |
| CVE-2026-7567 | Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover | 01.05.2026 | 9.8 |
| CVE-2026-42996 | | 01.05.2026 | 10 |
| CVE-2026-7546 | Totolink NR1800X lighttpd find_host_ip stack-based overflow | 01.05.2026 | 9.3 |
| CVE-2026-7538 | Totolink A8000RU CGI cstecgi.cgi vulnerability os command injection | 01.05.2026 | 9.3 |
| CVE-2022-50993 | Weaver E-office < 10.0_20221201 Unauthenticated Arbitrary File Read via XmlRpcServlet | 30.04.2026 | 9.3 |
| CVE-2025-71284 | Synway SMG Gateway Management Software OS Command Injection via radius_address | 30.04.2026 | 9.3 |
| CVE-2026-4670 | Improper Authentication vulnerability in Progress MOVEit Automation | 01.05.2026 | 9.8 |
| CVE-2018-25316 | Tenda W308R v2 V5.07.48 Cookie Session Weakness DNS Change | 30.04.2026 | 9.3 |
| CVE-2018-25317 | Tenda W3002R/A302/W309R V5.07.64_en Cookie Session Weakness DNS Change | 30.04.2026 | 9.3 |
| CVE-2018-25318 | Tenda FH303/A300 V5.07.68_EN Cookie Session Weakness DNS Change | 30.04.2026 | 9.3 |
| CVE-2026-30893 | Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer | 29.04.2026 | 9 |
| CVE-2026-26015 | Unauthenticated RCE in DocsGPT MCP STDIO Configuration | 30.04.2026 | 10 |
| CVE-2026-41940 | WebPros cPanel and WHM Authentication Bypass via Login Flow | 04.05.2026 | 9.3 |
| CVE-2026-5166 | Path Traversal in TUBITAK BILGEM's Pardus Software Center | 04.05.2026 | 9.6 |

Latest Updates

| CVE | Title | Updated | Score |
|---|---|---|---|
| CVE-2026-23926 | Stored XSS vulnerability in Host navigator widget maintenance tooltip | 06.05.2026 | |
| CVE-2026-23927 | Agent 2 Oracle plugin TNS connection string injection via the 'service' parameter | 06.05.2026 | |
| CVE-2026-23928 | Stored XSS vulnerability in the Item history/Plain text widget | 06.05.2026 | |
| CVE-2026-35253 | | 06.05.2026 | 4.7 |
| CVE-2026-35254 | | 06.05.2026 | 6.1 |
| CVE-2026-6344 | Fluent Forms <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal in Email Attachment | 06.05.2026 | 4.9 |
| CVE-2026-6672 | Affiliate Program Suite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via slicewp_affiliate_url Shortcode | 06.05.2026 | 6.4 |
| CVE-2026-7332 | LatePoint <= 5.5.0 - Unauthenticated Stored Cross-Site Scripting via 'booking_form_page_url' Parameter | 06.05.2026 | 7.2 |
| CVE-2026-7448 | LatePoint <= 5.5.0 - Unauthenticated Stored Cross-Site Scripting via 'first_name' Parameter | 06.05.2026 | 7.2 |
| CVE-2026-7457 | LatePoint <= 5.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Customer Cabinet Profile Update | 06.05.2026 | 6.4 |
| CVE-2026-7841 | GV-ASWeb Remote Code Execution (RCE) vulnerability | 06.05.2026 | 8.8 |
| CVE-2026-2306 | Ninja Tables <= 5.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Table Creation | 06.05.2026 | 4.3 |
| CVE-2026-3208 | Mercado Pago payments for WooCommerce <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure | 06.05.2026 | 5.3 |
| CVE-2026-5753 | All-in-One WP Migration Unlimited Extension <= 2.83 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Backup Schedule Creation and Backup File Download | 06.05.2026 | 6.5 |
| CVE-2026-7572 | Velociraptor EVTX Parser — Process Crash via Crafted .evtx File | 06.05.2026 | 4.4 |
| CVE-2026-7573 | GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across all organizations | 06.05.2026 | 5 |
| CVE-2025-71251 | | 06.05.2026 | 7.5 |
| CVE-2025-71252 | | 06.05.2026 | 7.5 |
| CVE-2025-71253 | | 06.05.2026 | 7.5 |
| CVE-2025-71254 | | 06.05.2026 | 7.5 |
| CVE-2025-71255 | | 06.05.2026 | 7.5 |
| CVE-2025-71256 | | 06.05.2026 | 7.5 |
| CVE-2026-44405 | | 05.05.2026 | 3.4 |
| CVE-2026-28780 | Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header() | 05.05.2026 | |
| CVE-2026-40075 | OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet | 05.05.2026 | |
| CVE-2026-40110 | jupyter-server CORS origin validation bypass via unanchored regex in allow_origin_pat | 05.05.2026 | |
| CVE-2026-40934 | jupyter-server authentication cookies remain valid after password reset due to static cookie secret | 05.05.2026 | |
| CVE-2026-39849 | Pi-hole FTL remote code execution via newline injection in dns.interface configuration | 05.05.2026 | |
| CVE-2026-39852 | Quarkus authorization bypass via semicolon path normalization inconsistency | 05.05.2026 | |
| CVE-2026-40068 | Claude Code arbitrary code execution via git worktree commondir trust dialog bypass | 05.05.2026 | |
| CVE-2026-35579 | CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports | 05.05.2026 | |
| CVE-2026-39383 | Gotenberg unauthenticated blind SSRF via unfiltered webhook URL | 05.05.2026 | |
| CVE-2026-39402 | lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion | 05.05.2026 | |
| CVE-2026-41950 | Dify < 1.14.0 Authorization Bypass via File UUID | 05.05.2026 | |
| CVE-2026-35527 | Incus blind SSRF via image import preflight HEAD request | 05.05.2026 | |
| CVE-2024-52911 | | 05.05.2026 | |
| CVE-2026-34458 | Sandboxie-Plus privilege escalation via INI CRLF injection bypassing EditAdminOnly | 05.05.2026 | |
| CVE-2026-34459 | Sandboxie-Plus sandbox escape via uninitialized memory leak and stack overflow in GetRawInputDeviceInfoSlave | 05.05.2026 | |
| CVE-2026-34461 | Sandboxie-Plus SbieIniServer RunSbieCtrl stack buffer overflow allows local privilege escalation | 05.05.2026 | |
| CVE-2026-34462 | Sandboxie-Plus ProcessServer boxname stack buffer overflows via unterminated wide string copy | 05.05.2026 | |
| CVE-2026-34464 | Sandboxie-Plus NamedPipeServer OpenHandler stack overflow via unterminated server field | 05.05.2026 | |
| CVE-2026-34527 | Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction | 05.05.2026 | |
| CVE-2026-34596 | Sandboxie-Plus local privilege escalation via TOCTOU race condition in UpdUtil addon installation | 05.05.2026 | |
| CVE-2026-35397 | jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix | 05.05.2026 | |
| CVE-2026-35453 | PhpSpreadsheet XSS via number format text substitution in HTML Writer | 05.05.2026 | |
| CVE-2026-38947 | | 05.05.2026 | |
| CVE-2026-40280 | Gotenberg SSRF via case-insensitive URL scheme bypass in webhook and downloadFrom deny-lists | 05.05.2026 | |
| CVE-2026-40329 | SQL Injection vulnerability via sortBy in beanFeed | 05.05.2026 | |
| CVE-2026-40330 | Masa CMS SQL injection via sortDirection parameter in beanFeed | 05.05.2026 | |
| CVE-2026-40331 | Masa CMS unauthenticated SQL injection via altTable parameter in JSON API | 05.05.2026 | |
| CVE-2026-44331 | | 05.05.2026 | 8.1 |
| CVE-2026-31893 | Tunnelblick arbitrary file read via symlink following in tunnelblickd | 05.05.2026 | |
| CVE-2026-32603 | Sandboxie kernel driver denial of service via malformed IOCTL from sandboxed process | 05.05.2026 | |
| CVE-2026-32699 | FacturaScripts unauthorized modification of immutable nick field via EditUser controller | 05.05.2026 | |
| CVE-2026-32934 | CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service | 05.05.2026 | |
| CVE-2026-32936 | CoreDNS DoH GET path missing size validation causes CPU and memory amplification | 05.05.2026 | |
| CVE-2026-33190 | CoreDNS TSIG authentication bypass on encrypted DNS transports | 05.05.2026 | |
| CVE-2026-33324 | SQLBot prompt injection allows arbitrary SQL execution and remote code execution | 05.05.2026 | |
| CVE-2026-33420 | Vaultwarden missing authorization check allows Manager-role users to enumerate all collections | 05.05.2026 | |
| CVE-2026-33489 | CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison | 05.05.2026 | |
| CVE-2026-33975 | twenty-server SSRF protection bypass via IPv4-mapped IPv6 address normalization | 05.05.2026 | |
| CVE-2026-34084 | PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load | 05.05.2026 | |
| CVE-2026-7856 | D-Link DI-8100 Web Management url_member.asp buffer overflow | 05.05.2026 | |
| CVE-2026-7857 | D-Link DI-8100 CGI user_group.asp sprintf buffer overflow | 05.05.2026 | |
| CVE-2026-27960 | OpenCTI privilege escalation and unauthenticated access via default admin account | 05.05.2026 | 9.8 |
| CVE-2026-30923 | libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings | 05.05.2026 | |
| CVE-2026-31835 | Vaultwarden WebAuthn credential metadata tampered before signature verification | 05.05.2026 | |
| CVE-2026-7855 | D-Link DI-8100 HTTP Request tggl.asp tggl_asp buffer overflow | 05.05.2026 | |
| CVE-2026-38428 | | 05.05.2026 | |
| CVE-2026-42997 | | 06.05.2026 | 7.7 |
| CVE-2026-7854 | D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow | 05.05.2026 | |
| CVE-2026-7851 | D-Link DI-8100 yyxz.asp sprintf stack-based overflow | 05.05.2026 | |
| CVE-2026-7853 | D-Link DI-8100 HTTP auto_reboot.asp sprintf buffer overflow | 05.05.2026 | |
| CVE-2026-25243 | redis-server RESTORE invalid memory access may allow remote code execution | 06.05.2026 | |
| CVE-2026-25588 | RedisTimeSeries RESTORE invalid memory access may allow remote code execution | 05.05.2026 | |
| CVE-2026-25589 | RedisBloom RESTORE invalid memory access may allow remote code execution | 05.05.2026 | |
| CVE-2026-23479 | redis-server use-after-free in unblock client flow may allow remote code execution | 06.05.2026 | |
| CVE-2026-23631 | redis-server Lua use-after-free may allow remote code execution | 06.05.2026 | |
| CVE-2026-38429 | | 05.05.2026 | |
| CVE-2026-38431 | | 05.05.2026 | |
| CVE-2026-38432 | | 05.05.2026 | |
| CVE-2026-43002 | | 06.05.2026 | 5.3 |
| CVE-2026-7847 | chatchat-space Langchain-Chatchat Uploaded File openai_routes.py _get_file_id random values | 05.05.2026 | |
| CVE-2025-52206 | | 05.05.2026 | |
| CVE-2025-61669 | jupyter_server next parameter open redirect can redirect users to external domains | 05.05.2026 | |
| CVE-2025-66369 | | 05.05.2026 | |
| CVE-2026-31195 | | 05.05.2026 | |
| CVE-2026-31196 | | 05.05.2026 | |
| CVE-2026-32689 | Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix | 05.05.2026 | |
| CVE-2026-34000 | Xwayland: xorg: x.org x server: information disclosure and denial of service via out-of-bounds read in xkb geometry processing. | 05.05.2026 | |
| CVE-2026-34002 | Xorg: xwayland: x.org x server: information disclosure or denial of service via out-of-bounds read in xkb modifier map handling | 05.05.2026 | |
| CVE-2026-34956 | Openvswitch: open vswitch: denial of service via malformed ftp epasv command | 05.05.2026 | |
| CVE-2026-35192 | Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST | 05.05.2026 | |
| CVE-2026-39103 | | 05.05.2026 | |
| CVE-2026-43059 | Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers | 05.05.2026 | |
| CVE-2026-43060 | netfilter: nft_ct: drop pending enqueued packets on removal | 05.05.2026 | |
| CVE-2026-43061 | serial: 8250: Fix TX deadlock when using DMA | 05.05.2026 | |
| CVE-2026-43062 | Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() | 05.05.2026 | |
| CVE-2026-43063 | xfs: don't irele after failing to iget in xfs_attri_recover_work | 05.05.2026 | |
| CVE-2026-43064 | dmaengine: idxd: Fix not releasing workqueue on .release() | 05.05.2026 | |
| CVE-2026-43065 | ext4: always drain queued discard work in ext4_mb_release() | 05.05.2026 | |
| CVE-2026-43066 | ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths | 05.05.2026 | |
| CVE-2026-43067 | ext4: handle wraparound when searching for blocks for indirect mapped blocks | 05.05.2026 | |
| CVE-2026-43068 | ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() | 05.05.2026 | |
| CVE-2026-43069 | Bluetooth: hci_ll: Fix firmware leak on error path | 05.05.2026 | |
| CVE-2026-43070 | bpf: Reset register ID for BPF_END value tracking | 05.05.2026 | |
| CVE-2026-43071 | dcache: Limit the minimal number of bucket to two | 05.05.2026 | |
| CVE-2026-43072 | drm/vc4: platform_get_irq_byname() returns an int | 05.05.2026 | |
| CVE-2026-43073 | x86-64: rename misleadingly named '__copy_user_nocache()' function | 05.05.2026 | |
| CVE-2026-5766 | Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass | 05.05.2026 | |
| CVE-2026-6907 | Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware | 05.05.2026 | |
| CVE-2026-7411 | | 05.05.2026 | 10 |
| CVE-2026-7412 | | 05.05.2026 | 8.6 |
| CVE-2026-7844 | chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication | 05.05.2026 | |
| CVE-2026-7845 | chatchat-space Langchain-Chatchat Vision Chat Paste Image dialogue.py PIL.Image.tobytes weak hash | 05.05.2026 | |
| CVE-2026-7846 | chatchat-space Langchain-Chatchat OpenAI-Compatible File Upload API openai_routes.py files toctou | 05.05.2026 | |
| CVE-2026-7865 | Hidden Console Command | 05.05.2026 | |
| CVE-2026-29168 | Apache HTTP Server: mod_md unrestricted OCSP response | 05.05.2026 | |
| CVE-2026-34408 | | 05.05.2026 | |
| CVE-2026-36355 | | 05.05.2026 | |
| CVE-2026-36356 | | 05.05.2026 | |
| CVE-2026-4304 | WeePie Cookie Allow <= 3.4.11 - Unauthenticated SQL Injection via 'consent' Parameter | 05.05.2026 | 7.5 |
| CVE-2026-7778 | runZero Platform dashboard configuration exposure | 05.05.2026 | 5 |
| CVE-2026-7834 | EFM ipTIME NAS1dual misc_main.cgi get_csrf_whites stack-based overflow | 05.05.2026 | |
| CVE-2026-27644 | traccar allows CSV formula injection via exported position data | 05.05.2026 | 6.5 |
| CVE-2026-27693 | traccar allows XML injection in KML and GPX exports | 05.05.2026 | 5.4 |
| CVE-2026-27694 | traccar allows stored HTML injection in notification emails | 05.05.2026 | 5.4 |
| CVE-2026-28510 | elabftw allows MFA bypass during login | 05.05.2026 | 5.9 |
| CVE-2026-30246 | github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters | 05.05.2026 | 6.5 |
| CVE-2026-6918 | | 05.05.2026 | |
| CVE-2026-7832 | IObit Advanced SystemCare Service ASC.exe symlink | 05.05.2026 | |
| CVE-2026-7833 | EFM ipTIME C200 ApplyRestore Endpoint iux_set.cgi sub_408F90 command injection | 05.05.2026 | |
| CVE-2023-54342 | Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution | 05.05.2026 | |
| CVE-2023-54344 | Eclipse Equinox OSGi 3.7.2 Remote Code Execution via Console | 05.05.2026 | |
| CVE-2023-54345 | Frappe Framework ERPNext 13.4.0 Remote Code Execution | 05.05.2026 | |
| CVE-2023-54346 | WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download | 05.05.2026 | |
| CVE-2023-54347 | OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass | 05.05.2026 | |
| CVE-2023-54348 | ERPGo SaaS 3.9 CSV Injection via Vendor Creation | 05.05.2026 | |
| CVE-2023-54349 | AmazCart CMS 3.4 Reflected Cross-Site Scripting via Search | 05.05.2026 | |
| CVE-2026-42433 | OpenClaw < 2026.4.10 - Unauthorized Matrix Profile Config Persistence Access via operator.write Message Tools | 05.05.2026 | |
| CVE-2026-42434 | OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing | 05.05.2026 | |
| CVE-2026-42435 | OpenClaw 2026.2.22 < 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable Assignment Injection | 05.05.2026 | |
| CVE-2026-42436 | OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes | 05.05.2026 | |
| CVE-2026-42437 | OpenClaw 2026.4.9 < 2026.4.10 - Denial of Service via Oversized WebSocket Frames in Voice-call Realtime Path | 05.05.2026 | |
| CVE-2026-42438 | OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads | 05.05.2026 | |
| CVE-2026-42439 | OpenClaw < 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes | 05.05.2026 | |
| CVE-2026-43526 | OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling | 05.05.2026 | |
| CVE-2026-43527 | OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation | 05.05.2026 | |
| CVE-2026-43528 | OpenClaw < 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases | 05.05.2026 | |
| CVE-2026-43529 | OpenClaw < 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator | 05.05.2026 | |
| CVE-2026-43530 | OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution | 05.05.2026 | |
| CVE-2026-43531 | OpenClaw < 2026.4.9 - Environment Variable Injection via Workspace .env File | 05.05.2026 | |
| CVE-2026-43532 | OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image | 05.05.2026 | |
| CVE-2026-43533 | OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags | 05.05.2026 | |
| CVE-2026-43534 | OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events | 05.05.2026 | |
| CVE-2026-43535 | OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches | 05.05.2026 | |
| CVE-2026-43566 | OpenClaw 2026.4.7 < 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events | 05.05.2026 | |
| CVE-2026-43567 | OpenClaw < 2026.4.10 - Path Traversal in screen_record outPath Parameter | 05.05.2026 | |
| CVE-2026-43568 | OpenClaw 2026.4.5 < 2026.4.10 - Privilege Escalation via Memory Dreaming Configuration in /dreaming Endpoint | 05.05.2026 | |
| CVE-2026-43569 | OpenClaw < 2026.4.9 - Untrusted Provider Plugin Auto-enablement via Workspace Provider Auth | 05.05.2026 | |
| CVE-2026-43570 | OpenClaw 2026.3.22 < 2026.4.5 - Symlink Traversal in Remote Marketplace Repository Path Handling | 05.05.2026 | |
| CVE-2026-43571 | OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup | 05.05.2026 | |
| CVE-2026-43572 | OpenClaw 2026.4.10 < 2026.4.14 - Missing Sender Authorization in Microsoft Teams SSO Invoke Handler | 05.05.2026 | |
| CVE-2026-43573 | OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes | 05.05.2026 | |
| CVE-2026-43574 | OpenClaw < 2026.4.12 - Improper Authorization via Empty Approver Lists | 05.05.2026 | |
| CVE-2026-6261 | Betheme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution via Icon Pack Upload | 05.05.2026 | 8.8 |
| CVE-2026-6262 | Betheme <= 28.4 - Authenticated (Contributor+) Arbitrary File Deletion via 'mfn-icon-upload' | 05.05.2026 | 6.5 |
| CVE-2025-42611 | Improper certificate validation in multiple RouterOS services | 05.05.2026 | 6.5 |
| CVE-2026-6322 | fast-uri vulnerable to host confusion via percent-encoded authority delimiters | 05.05.2026 | 7.5 |