CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-2330 CVE-2026-2330 06.03.2026 9.4
CVE-2026-2331 CVE-2026-2331 06.03.2026 9.8
CVE-2026-29183 SiYuan: Unauthenticated reflected SVG XSS in `/api/icon/getDynamicIcon` (`type=8`) enables arbitrary JavaScript execution 06.03.2026 9.3
CVE-2026-29058 AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php 06.03.2026 9.8
CVE-2026-28794 oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization 06.03.2026 9.3
CVE-2026-28508 Idno: Unauthenticated SSRF via URL Unfurl Endpoint 06.03.2026 9.2
CVE-2026-28680 Ghostfolio: Full-Read SSRF in Manual Asset Import 06.03.2026 9.3
CVE-2026-28785 Ghostfolio: Time-Based Blind SQL Injection in Manual Asset Import 06.03.2026 9.3
CVE-2025-59542 Chamilo: Account Takeover via Stored XSS in Course Learning Paths 06.03.2026 9.1
CVE-2025-59543 Chamilo: Account Takeover via Stored XSS in Course Description 06.03.2026 9.1
CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling) 06.03.2026 9.3
CVE-2026-28501 WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php 06.03.2026 9.8
CVE-2026-28502 WWBN AVideo: Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction 06.03.2026 9.3
CVE-2026-29046 TinyWeb: HTTP Header Control Character Injection into CGI Environment 06.03.2026 9.2
CVE-2026-22552 ePower epower.ie Missing Authentication for Critical Function 05.03.2026 9.3
CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability 05.03.2026 9.8
CVE-2026-28391 OpenClaw < 2026.2.2 - Command Injection via cmd.exe Parsing Bypass in Allowlist Enforcement 05.03.2026 9.2
CVE-2026-28446 OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching 05.03.2026 9.2
CVE-2026-28466 OpenClaw < 2026.2.14 - Remote Code Execution via Node Invoke Approval Bypass 05.03.2026 9.4
CVE-2026-28470 OpenClaw < 2026.2.2 - Exec Allowlist Bypass via Command Substitution in Double Quotes 05.03.2026 9.2
CVE-2026-28472 OpenClaw < 2026.2.2 - Device Identity Check Bypass in Gateway WebSocket Connect Handshake 05.03.2026 9.2
CVE-2026-28474 OpenClaw Nextcloud Talk < 2026.2.6 - Allowlist Bypass via actor.name Display Name Spoofing 05.03.2026 9.3
CVE-2026-28484 OpenClaw 2026.2.15 - Option Injection in pre-commit Hook via Malicious Filenames 05.03.2026 9.3
CVE-2026-21622 Password Reset Tokens Do Not Expire 05.03.2026 9.5
CVE-2025-55208 Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files 05.03.2026 9.1
CVE-2026-29188 File Browser: TUS Delete Endpoint Bypasses Delete Permission Check 05.03.2026 9.1
CVE-2026-0848 Arbitrary Code Execution in NLTK StanfordSegmenter via Untrusted JAR Loading 05.03.2026 10
CVE-2026-28353 Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Release 05.03.2026 10
CVE-2026-25921 Gogs: Cross-repository LFS object overwrite via missing content hash verification 05.03.2026 9.3
CVE-2026-24457 05.03.2026 9.1
CVE-2026-27944 Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure 05.03.2026 9.8
CVE-2026-30789 RustDesk Client Generates Auth Proof Without Client-Side Nonce, Enabling Replay Attacks 05.03.2026 9.3
CVE-2026-30790 RustDesk Server Controls All Handshake Entropy (Salt/Challenge), Enabling Offline Brute-Force 05.03.2026 9.3
CVE-2026-30797 RustDesk rustdesk://config/ URI Silently Re-homes Client to Attacker-Controlled Server 05.03.2026 9.3
CVE-2026-30792 RustDesk Client Blindly Merges Unauthenticated Strategy Payloads, Bypassing Local Security Settings 05.03.2026 9.1
CVE-2026-30793 RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Confirmation 05.03.2026 9.3
CVE-2026-30794 RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure 05.03.2026 9.1
CVE-2026-2599 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' 05.03.2026 9.8
CVE-2026-21628 Extension - astroidframe.work - Unauthenticated Remote Code Execution in Astroid Framework 2.0.0 - 3.3.10 for Joomla 05.03.2026 10
CVE-2026-28536 05.03.2026 9.6
CVE-2026-2743 SEPPmail User Web Interface Arbitrary File Write to RCE 05.03.2026 10
CVE-2026-1678 dns: memory‑safety issue in the DNS name parser 05.03.2026 9.4
CVE-2026-29127 Incorrect Permission Assignment(777) on `monitor` Users Home Directory Containing SUID Root Binaries in IDC SFX2100 05.03.2026 9.2
CVE-2026-2835 HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing 04.03.2026 9.3
CVE-2026-2833 HTTP Request Smuggling via Premature Upgrade 04.03.2026 9.3
CVE-2026-29000 pac4j-jwt JwtAuthenticator Authentication Bypass 05.03.2026 10
CVE-2026-20079 05.03.2026 10
CVE-2026-20131 05.03.2026 10
CVE-2026-28783 Craft has a Twig Function Blocklist Bypass 06.03.2026 9.4
CVE-2026-28697 Craft Affected by Authenticated RCE via "craft.app.fs.write()" in Twig Templates 06.03.2026 9.4
CVE-2026-27441 PDF Password CMDi 04.03.2026 9.5
CVE-2026-27442 zip_attachments Path Traversal 04.03.2026 9.3
CVE-2026-27446 Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation 05.03.2026 9.3
CVE-2026-29120 Insecure, Hardcoded Root Password Stored in Anaconda Configuration File On IDC SFX2100 Satellite Receiver 05.03.2026 9.2
CVE-2026-28777 Hardcoded and Insecure Credentials for "User" Local Account with SSH Access On IDC SFX2100 Satellite Receiver 05.03.2026 9.2
CVE-2026-28773 Authenticated OS Command Injection via Ping Utility Leading to RCE as Root 05.03.2026 9.3
CVE-2026-28774 Authenticated OS Command Injection via Traceroute Utility leads to Root RCE 05.03.2026 9.3
CVE-2026-28775 Unauthenticated RCE via SNMP Default Writable Community String 05.03.2026 10
CVE-2026-27971 Qwik affected by unauthenticated RCE via server$ Deserialization 04.03.2026 9.2
CVE-2026-28289 FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution 05.03.2026 10
CVE-2026-26279 Froxlor Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection 04.03.2026 9.1
CVE-2026-26266 AliasVault affected by Cross-Site Scripting (XSS) via Email HTML Rendering 04.03.2026 9.3
CVE-2026-24898 OpenEMR has an Unauthenticated MedEx Token Disclosure 04.03.2026 10
CVE-2026-25146 OpenEMR's payments gateway_api_key secret rendered into client JS code 04.03.2026 9.6
CVE-2026-27012 Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php 04.03.2026 9.8
CVE-2026-3485 D-Link DIR-868L SSDP Service sub_1BF84 os command injection 03.03.2026 9.3
CVE-2026-3437 Improper Restriction of Operations within the Bounds of a Memory Buffer in Portwell Engineering Toolkits 03.03.2026 9.3
CVE-2026-22891 03.03.2026 9.8
CVE-2026-22886 03.03.2026 9.8
CVE-2026-1492 User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration 03.03.2026 9.8
CVE-2026-2628 All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <= 2.2.5 - Authentication Bypass 03.03.2026 9.8
CVE-2025-50187 Chamilo: Evaluation of untrusted user input leads to Remote Code Execution 02.03.2026 9.8
CVE-2026-23600 03.03.2026 10
CVE-2025-12462 Blind SQL Injection in DobryCMS 02.03.2026 9.3
CVE-2025-14532 Remote Code Execution via Unrestricted File Upload in DobryCMS 02.03.2026 9.3
CVE-2026-3431 Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion 02.03.2026 9.8
CVE-2026-3432 Sim Studio AI - Unauthenticated OAuth Token Theft 02.03.2026 9.3
CVE-2025-30035 Lack of API authentication allowing session generation for any user 02.03.2026 9
CVE-2025-30042 Session generation possible with certificate number only 02.03.2026 9
CVE-2025-30044 RCE on uhcapache user permissions 02.03.2026 9.4
CVE-2026-2584 SQL Injection in Ciser System SL firmware 02.03.2026 9.3
CVE-2026-2999 Changing|IDExpert Windows Logon Agent - Remote Code Execution 02.03.2026 9.3
CVE-2026-3000 Changing|IDExpert Windows Logon Agent - Remote Code Execution 02.03.2026 9.3
CVE-2026-3422 e-Excellence|U-Office Force - Insecure Deserialization 02.03.2026 9.3
CVE-2026-2844 TimePictra Authentication Bypass Vulnerability 02.03.2026 9.3
CVE-2026-3010 TimePictra Stored Cross-Site Scripting 02.03.2026 9.3
CVE-2026-28515 openDCIM <= 23.04 Missing Authorization in install.php 02.03.2026 9.3
CVE-2026-28516 openDCIM <= 23.04 SQL Injection in Config::UpdateParameter 02.03.2026 9.3
CVE-2026-28517 openDCIM <= 23.04 OS Command Injection via dot Configuration Parameter 02.03.2026 9.3
CVE-2026-28408 WeGIA lacks authentication verification in adicionar_tipo_docs_atendido.php 02.03.2026 9.8
CVE-2026-28409 WeGIA Vulnerable to Remote Code Execution (RCE) via OS Command Injection 02.03.2026 10
CVE-2026-28411 WeGIA Vulnerable to Authentication Bypass via `extract($_REQUEST)` 02.03.2026 9.8
CVE-2026-28268 Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse 03.03.2026 9.8
CVE-2026-27947 Group-Office Vulnerable to Remote Code Execution (RCE) 03.03.2026 9.4
CVE-2026-27755 SODOLA SL902-SWTGW124AS <= 200.1.20 Predictable Session ID 02.03.2026 9.3
CVE-2026-27751 SODOLA SL902-SWTGW124AS <= 200.1.20 Use of Default Credentials 02.03.2026 9.3

Latest Updates

CVE Title Updated Score
CVE-2026-2330 CVE-2026-2330 06.03.2026 9.4
CVE-2026-2331 CVE-2026-2331 06.03.2026 9.8
CVE-2026-29059 Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly 06.03.2026
CVE-2026-29062 jackson-core: Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion 06.03.2026
CVE-2026-29073 SiYuan: Direct SQL Query API accessible to Reader-level users enables unauthorized database access 06.03.2026
CVE-2026-29074 SVGO: DoS through entity expansion in DOCTYPE (Billion Laughs) 06.03.2026 7.5
CVE-2026-29183 SiYuan: Unauthenticated reflected SVG XSS in `/api/icon/getDynamicIcon` (`type=8`) enables arbitrary JavaScript execution 06.03.2026 9.3
CVE-2026-2830 WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath' 06.03.2026 6.1
CVE-2026-29038 changedetection.io: Reflected XSS in RSS Tag Error Response 06.03.2026 6.1
CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text() 06.03.2026
CVE-2026-29042 Nuclio Shell Runtime Command Injection Leading to Privilege Escalation 06.03.2026
CVE-2026-29048 HumHub: XSS in Button component 06.03.2026
CVE-2026-29049 melange: unbounded HTTP download in `melange update-cache` can exhaust disk in CI 06.03.2026 4.3
CVE-2026-29058 AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php 06.03.2026 9.8
CVE-2026-29065 changedetection.io: Zip Slip vulnerability in the backup restore functionality 06.03.2026
CVE-2026-28438 CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements 06.03.2026
CVE-2026-28799 PJSIP: Heap use-after-free in PJSIP presence subscription termination handler 06.03.2026
CVE-2026-28800 Natro Macro: Malicious actions allowed through Discord RC Commands by any user 06.03.2026 6.4
CVE-2026-28801 Natro Macro: Code Injection through Pattern/Path files 06.03.2026 6.6
CVE-2026-28802 Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification 06.03.2026
CVE-2026-28804 pypdf: Inefficient decoding of ASCIIHexDecode streams 06.03.2026
CVE-2026-29068 PJSIP: Stack buffer overflow in Opus codec parser 06.03.2026
CVE-2026-28795 OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI 06.03.2026
CVE-2026-1128 WP eCommerce <= 3.15.1 - Coupon Deletion via CSRF 06.03.2026
CVE-2026-2446 Powerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option Update 06.03.2026
CVE-2026-28428 Talishar: Authentication Bypass via Empty authKey Parameter Allows Unauthenticated Game Actions 06.03.2026 5.3
CVE-2026-28429 Talishar: Critical Path Traversal in gameName Parameter 06.03.2026 7.5
CVE-2026-28682 Gokapi: Data Leak in Upload Status Stream 06.03.2026 6.4
CVE-2026-28683 Gokapi: Stored XSS in SVG Hotlinks 06.03.2026 8.7
CVE-2026-28685 Kimai: API invoice endpoint missing customer-level access control (IDOR) 06.03.2026 6.5
CVE-2026-28787 OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay 06.03.2026 8.2
CVE-2026-28794 oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization 06.03.2026
CVE-2026-29060 Gokapi: Privilege escalation with auth token 06.03.2026 5
CVE-2026-29061 Gokapi: Privilege escalation via incomplete API-key permission revocation on user rank demotion 06.03.2026 5.4
CVE-2026-29084 Gokapi: CSRF in Login Endpoint 06.03.2026 4.6
CVE-2026-25877 Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations 06.03.2026 6.5
CVE-2026-25887 Chartbrew: Remote Code Execution (RCE) via MongoDB Dataset Query 06.03.2026 7.2
CVE-2026-25888 Chartbrew: Remote Code Execution (RCE) via Vulnerable API 06.03.2026 8.8
CVE-2026-27005 Chartbrew: SQL injection in date-type variable handling (applyMysqlOrPostgresVariables) 06.03.2026
CVE-2026-27603 Chartbrew: Unauthenticated Chart Filter Endpoint: POST /project/:project_id/chart/:chart_id/filter missing verifyToken + checkPermissions 06.03.2026
CVE-2026-27605 Chartbrew: Stored Cross-Site Scripting (XSS) via File Upload API 06.03.2026 6.3
CVE-2026-28507 Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal 06.03.2026
CVE-2026-28508 Idno: Unauthenticated SSRF via URL Unfurl Endpoint 06.03.2026
CVE-2026-28509 LangBot has a Cross Site Scripting(XSS) Vulnerability 06.03.2026 6.3
CVE-2026-28675 OpenSift: Sensitive implementation details exposed via raw exception messages and token-returning endpoints 06.03.2026 5.3
CVE-2026-28676 OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations 06.03.2026 8.8
CVE-2026-28677 OpenSift: Insufficient URL destination restrictions in ingest flow could enable SSRF-style internal access 06.03.2026 8.2
CVE-2026-28679 HomeGallery: Path Traversal (Arbitrary File Read) 06.03.2026 8.6
CVE-2026-28680 Ghostfolio: Full-Read SSRF in Manual Asset Import 06.03.2026 9.3
CVE-2026-28681 IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links 06.03.2026 8.1
CVE-2026-28785 Ghostfolio: Time-Based Blind SQL Injection in Manual Asset Import 06.03.2026
CVE-2025-55289 Chamilo: Stored Cross Site Scripting in Skills Argumentation 06.03.2026 8.8
CVE-2025-59540 Chamilo: Stored Cross-Site Scripting (XSS) in Chamilo LMS Exercise Feedback 06.03.2026
CVE-2025-59541 Chamilo: CSRF Vulnerability in Project Deletion 06.03.2026 8.1
CVE-2025-59542 Chamilo: Account Takeover via Stored XSS in Course Learning Paths 06.03.2026 9.1
CVE-2025-59543 Chamilo: Account Takeover via Stored XSS in Course Description 06.03.2026 9.1
CVE-2025-59544 Chamilo: Unauthorized access to update category of any user 06.03.2026
CVE-2026-29041 Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload 06.03.2026 8.8
CVE-2026-25962 MarkUs: Zip bomb in config upload enables DoS 06.03.2026 6.5
CVE-2026-27807 MarkUs: YAML alias (‘billion laughs’) DoS in config upload 06.03.2026 4.9
CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling) 06.03.2026
CVE-2026-28501 WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php 06.03.2026 9.8
CVE-2026-28502 WWBN AVideo: Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction 06.03.2026
CVE-2026-29046 TinyWeb: HTTP Header Control Character Injection into CGI Environment 06.03.2026
CVE-2026-29093 WWBN AVideo: Unauthenticated PHP session store exposed to host network via published memcached port 06.03.2026 8.1
CVE-2026-3616 DefaultFuction Jeson Customer Relationship Management System edit.php sql injection 06.03.2026
CVE-2026-3613 Wavlink WL-NU516U1 login.cgi sub_401A0C stack-based overflow 06.03.2026
CVE-2026-3610 HSC Cybersecurity Mailinspector URL mliUserValidation.php cross site scripting 06.03.2026
CVE-2026-3612 Wavlink WL-NU516U1 OTA Online Upgrade adm.cgi sub_405AF4 command injection 06.03.2026
CVE-2026-28725 05.03.2026
CVE-2026-28726 05.03.2026
CVE-2025-11790 05.03.2026
CVE-2025-11791 05.03.2026
CVE-2025-11792 05.03.2026
CVE-2025-30413 05.03.2026
CVE-2026-24912 ePower epower.ie Insufficient Session Expiration 05.03.2026 7.3
CVE-2026-27770 ePower epower.ie Insufficiently Protected Credentials 05.03.2026 6.5
CVE-2026-28709 05.03.2026
CVE-2026-28710 05.03.2026
CVE-2026-28711 05.03.2026
CVE-2026-28712 05.03.2026
CVE-2026-28713 05.03.2026
CVE-2026-28714 05.03.2026
CVE-2026-28715 05.03.2026
CVE-2026-28716 05.03.2026
CVE-2026-28717 05.03.2026
CVE-2026-28718 05.03.2026
CVE-2026-28719 05.03.2026
CVE-2026-28720 05.03.2026
CVE-2026-28721 05.03.2026
CVE-2026-28722 05.03.2026
CVE-2026-28723 05.03.2026
CVE-2026-28724 05.03.2026
CVE-2026-28727 05.03.2026
CVE-2026-22552 ePower epower.ie Missing Authentication for Critical Function 05.03.2026 9.4
CVE-2026-27778 ePower epower.ie Improper Restriction of Excessive Authentication Attempts 05.03.2026 7.5
CVE-2026-2589 Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup 05.03.2026 5.3
CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability 05.03.2026 9.8
CVE-2026-23651 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability 05.03.2026 6.7
CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability 05.03.2026 6.5
CVE-2026-26124 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability 05.03.2026 6.7
CVE-2026-26125 Payment Orchestrator Service Elevation of Privilege Vulnerability 05.03.2026 8.6
CVE-2026-28391 OpenClaw < 2026.2.2 - Command Injection via cmd.exe Parsing Bypass in Allowlist Enforcement 05.03.2026
CVE-2026-28392 OpenClaw < 2026.2.14 - Privilege Escalation in Slack Slash Command Handler via Direct Messages 05.03.2026
CVE-2026-28393 OpenClaw 2.0.0-beta3 < 2026.2.14 - Arbitrary JavaScript Module Loading via Hook Transform Path Traversal 05.03.2026
CVE-2026-28394 OpenClaw < 2026.2.15 - Denial of Service via Unbounded Response Parsing in web_fetch Tool 05.03.2026
CVE-2026-28395 OpenClaw 2026.1.14-1 < 2026.2.12 - Unintended Public Binding of Chrome Extension Relay via Wildcard cdpUrl 05.03.2026
CVE-2026-28446 OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching 05.03.2026
CVE-2026-28447 OpenClaw 2026.1.29-beta.1 < 2026.2.1 - Path Traversal in Plugin Installation via Package Name 05.03.2026
CVE-2026-28448 OpenClaw 2026.1.29 < 2026.2.1 - Authorization Bypass in Twitch Plugin allowFrom Access Control 05.03.2026
CVE-2026-28450 OpenClaw < 2026.2.12 - Unauthenticated Profile Tampering via Nostr Plugin HTTP Endpoints 05.03.2026
CVE-2026-28451 OpenClaw < 2026.2.14 - SSRF via Feishu Extension Media Fetching 05.03.2026
CVE-2026-28452 OpenClaw < 2026.2.14 - Denial of Service via Unguarded Archive Extraction in extractArchive 05.03.2026
CVE-2026-28453 OpenClaw < 2026.2.14 - Zip Slip Path Traversal in TAR Archive Extraction 05.03.2026
CVE-2026-28454 OpenClaw < 2026.2.2 - Authorization Bypass via Unauthenticated Telegram Webhook 05.03.2026
CVE-2026-28456 OpenClaw 2026.1.5 < 2026.2.14 - Arbitrary Code Execution via Unsafe Hook Module Path Handling 05.03.2026
CVE-2026-28457 OpenClaw < 2026.2.14 - Path Traversal in Sandbox Skill Mirroring via Name Parameter 05.03.2026
CVE-2026-28458 OpenClaw 2026.1.20 < 2026.2.1 - Missing Authentication in Browser Relay /cdp WebSocket Endpoint 05.03.2026
CVE-2026-28459 OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path 05.03.2026
CVE-2026-28462 OpenClaw < 2026.2.13 - Path Traversal in Trace and Download Output Paths 05.03.2026
CVE-2026-28463 OpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Safe Bins Allowlist 05.03.2026
CVE-2026-28464 OpenClaw < 2026.2.12 - Timing Attack in Hooks Token Authentication 05.03.2026
CVE-2026-28465 OpenClaw voice-call < 2026.2.3 - Webhook Verification Bypass via Forwarded Headers 05.03.2026
CVE-2026-28466 OpenClaw < 2026.2.14 - Remote Code Execution via Node Invoke Approval Bypass 05.03.2026
CVE-2026-28467 OpenClaw < 2026.2.2 - SSRF via Attachment Media URL Hydration 05.03.2026
CVE-2026-28468 OpenClaw 2026.1.29-beta.1 < 2026.2.14 - Authentication Bypass in Sandbox Browser Bridge Server 05.03.2026
CVE-2026-28469 OpenClaw < 2026.2.14 - Cross-Account Policy Context Misrouting via Shared Webhook Path Ambiguity 05.03.2026
CVE-2026-28470 OpenClaw < 2026.2.2 - Exec Allowlist Bypass via Command Substitution in Double Quotes 05.03.2026
CVE-2026-28471 OpenClaw 2026.1.14-1 < 2026.2.2 - Allowlist Bypass via displayName and Cross-Homeserver localpart Matching in Matrix Plugin 05.03.2026
CVE-2026-28472 OpenClaw < 2026.2.2 - Device Identity Check Bypass in Gateway WebSocket Connect Handshake 05.03.2026
CVE-2026-28473 OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command 05.03.2026
CVE-2026-28474 OpenClaw Nextcloud Talk < 2026.2.6 - Allowlist Bypass via actor.name Display Name Spoofing 05.03.2026
CVE-2026-28475 OpenClaw < 2026.2.13 - Timing Attack via Hook Token Comparison 05.03.2026
CVE-2026-28476 OpenClaw < 2026.2.14 - Server-Side Request Forgery in Tlon Extension Authentication 05.03.2026
CVE-2026-28477 OpenClaw < 2026.2.14 - OAuth State Validation Bypass in Manual Chutes Login Flow 05.03.2026
CVE-2026-28478 OpenClaw < 2026.2.13 - Denial of Service via Unbounded Webhook Request Body Buffering 05.03.2026
CVE-2026-28479 OpenClaw < 2026.2.15 - Cache Poisoning via Deprecated SHA-1 Hash in Sandbox Configuration 05.03.2026
CVE-2026-28480 OpenClaw < 2026.2.14 - Identity Spoofing via Mutable Username in Telegram Allowlist Authorization 05.03.2026
CVE-2026-28481 OpenClaw < 2026.2.1 - Bearer Token Leakage via MS Teams Attachment Downloader Suffix Matching 05.03.2026
CVE-2026-28482 OpenClaw < 2026.2.12 - Path Traversal via Unsanitized sessionId and sessionFile Parameters 05.03.2026
CVE-2026-28484 OpenClaw 2026.2.15 - Option Injection in pre-commit Hook via Malicious Filenames 05.03.2026
CVE-2026-28485 OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints 05.03.2026
CVE-2026-28486 OpenClaw 2026.1.16-2 < 2026.2.14 - Path Traversal (Zip Slip) in Archive Extraction via Installation Commands 05.03.2026
CVE-2026-29606 OpenClaw < 2026.2.14 - Webhook Signature Verification Bypass via ngrok Loopback Compatibility 05.03.2026
CVE-2026-29609 OpenClaw < 2026.2.14 - Denial of Service via Unbounded URL-backed Media Fetch 05.03.2026
CVE-2026-29610 OpenClaw < 2026.2.14 - Command Hijacking via Unsafe PATH Handling 05.03.2026
CVE-2026-29611 OpenClaw < 2026.2.14 - Local File Inclusion via mediaPath Parameter in BlueBubbles Media Handling 05.03.2026
CVE-2026-29612 OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding 05.03.2026
CVE-2026-29613 OpenClaw < 2026.2.12 - Webhook Authentication Bypass via Loopback remoteAddress Trust 05.03.2026
CVE-2026-3606 Ettercap etterfilter ef_output.c add_data_segment out-of-bounds 05.03.2026
CVE-2026-2593 Greenshift – animation and page builder blocks <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting 05.03.2026 6.4
CVE-2026-21622 Password Reset Tokens Do Not Expire 05.03.2026
CVE-2025-55208 Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files 05.03.2026 9.1
CVE-2025-70948 05.03.2026
CVE-2025-70949 05.03.2026
CVE-2025-70995 05.03.2026
CVE-2026-28492 File Browser: Path Traversal in Public Share Links Exposes Files Outside Shared Directory 05.03.2026
CVE-2026-29188 File Browser: TUS Delete Endpoint Bypasses Delete Permission Check 05.03.2026 9.1
CVE-2026-0848 Arbitrary Code Execution in NLTK StanfordSegmenter via Untrusted JAR Loading 05.03.2026
CVE-2026-22723 UAA User Token Revocation logic error 05.03.2026 6.5
CVE-2026-28442 ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation 05.03.2026 8.6
CVE-2026-28443 OpenReplay: SQL injection in cards/search via unvalidated sort field parameter 05.03.2026
CVE-2026-28436 Frappe: Stored XSS in avatar_macro.html 05.03.2026
CVE-2026-29077 Frappe: Broken Access Control in DocShare 05.03.2026 7.1
CVE-2026-29081 Frappe: Possibility of SQL Injection due to improper fieldname sanitization 05.03.2026 6.5
CVE-2025-70614 05.03.2026
CVE-2026-28405 MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions 05.03.2026 8
CVE-2026-28410 The Graph: Revocable vesting contracts allows early access to locked tokens 05.03.2026
CVE-2026-28413 Products.isurlinportal: Possible open redirect when using more than 2 forward slashes 05.03.2026 5.3
CVE-2025-29165 05.03.2026
CVE-2026-28348 lxml_html_clean: CSS @import Filter Bypass via Unicode Escapes 05.03.2026 6.1
CVE-2026-28350 lxml_html_clean: <base> tag injection through default Cleaner configuration 05.03.2026 6.1
CVE-2026-28353 Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Release 05.03.2026
CVE-2026-28342 OliveTin: Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint 05.03.2026 7.5
CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package 05.03.2026 6.4
CVE-2026-28789 OliveTin: Unauthenticated DoS via concurrent map writes in OAuth2 state handling 05.03.2026 7.5
CVE-2026-28790 OliveTin: Unauthenticated Action Termination via KillAction When Guests Must Login 05.03.2026 7.5
CVE-2024-43035 05.03.2026 5.8
CVE-2025-13350 Use-after-free of orphaned AF_UNIX in Ubuntu builds of Linux kernel 05.03.2026
CVE-2026-21621 Improper Scope Enforcement in OAuth client_credentials Flow Allows Read-Only API Key to Escalate to Full Access 05.03.2026
CVE-2026-28222 Wagtail: Improper escaping of HTML (Cross-site Scripting) on TableBlock class attributes 05.03.2026 6.1
CVE-2026-28223 Wagtail: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface 05.03.2026 6.1
CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading 05.03.2026 6.8
CVE-2025-70616 05.03.2026
CVE-2026-25921 Gogs: Cross-repository LFS object overwrite via missing content hash verification 05.03.2026 9.3
CVE-2026-26022 Gogs: Stored XSS via data URI in issue comments 05.03.2026 8.7
CVE-2026-26194 Gogs: Release tag option injection in release deletion 05.03.2026
CVE-2026-26195 Gogs: Stored XSS in branch and wiki views through author and committer names 05.03.2026
CVE-2026-26196 Gogs: Access tokens get exposed through URL params in API requests 05.03.2026
CVE-2026-26276 Gogs: DOM-based XSS via milestone selection 05.03.2026 7.3
CVE-2026-28209 FreePBX: Command Injection leading to Remote Code Execution in FreePBX ElevenLabs Text-to-Speech integration 05.03.2026
CVE-2026-28210 FreePBX: Authenticated SQL Injection in CDR (Call Data Record) Reports 05.03.2026
CVE-2026-28284 FreePBX: Authenticated SQL Injection Vulnerabilities in FreePBX Logfiles Module 05.03.2026
CVE-2026-28287 FreePBX: Authenticated Remote Code Execution via Recordings Module AJAX Endpoints 05.03.2026
CVE-2026-3009 Org.keycloak/keycloak-services: improper enforcement of disabled identity provider in identitybrokerservice (authentication bypass) 06.03.2026
CVE-2026-3047 Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login 06.03.2026
CVE-2026-3459 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.5 - Unauthenticated Arbitrary File Upload 05.03.2026 8.1
CVE-2025-13476 Rakuten Viber uses broken or risky cryptographic Algorithm 05.03.2026
CVE-2025-45691 05.03.2026
CVE-2025-70229 05.03.2026
CVE-2025-70230 05.03.2026
CVE-2025-70231 05.03.2026
CVE-2025-70232 05.03.2026
CVE-2025-70233 05.03.2026
CVE-2025-7375 Unauthenticated Denial-of-Service Vulnerability in Omada EAP610 05.03.2026
CVE-2026-24457 05.03.2026 9.1
CVE-2026-26416 05.03.2026
CVE-2026-26417 05.03.2026
CVE-2026-26418 05.03.2026
CVE-2026-26998 Traefik: unbounded io.ReadAll on auth server response body causes OOM denial of service(DOS) 05.03.2026 4.4
CVE-2026-26999 Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (slowloris doS) 05.03.2026 7.5
CVE-2026-27023 Twenty: SSRF protection bypass via HTTP redirect following in secure HTTP client 05.03.2026 5
CVE-2026-27723 OpenProject: Insufficient access control leads to create Wiki objects belongs unpermitted projects 05.03.2026 4.3
CVE-2026-27944 Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure 05.03.2026 9.8
CVE-2026-29054 Traefik: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`) 05.03.2026 7.5
CVE-2026-30783 RustDesk Client Can Orphan API Channel to Ignore All Admin Commands and ACL Policies 05.03.2026
CVE-2026-30784 RustDesk hbbs/hbbr Servers Broker Connections Without Any Authorization Check 05.03.2026
CVE-2026-30785 RustDesk Encrypts Local Passwords with World-Readable Machine ID and Fixed Zero Nonce (XSalsa20-Poly1305) 05.03.2026
CVE-2025-64166 Mercurius: Incorrect Content-Type parsing can lead to CSRF attack 05.03.2026 5.4
CVE-2026-25048 xgrammar: Multi-layer nesting causes DoS 05.03.2026
CVE-2026-30789 RustDesk Client Generates Auth Proof Without Client-Side Nonce, Enabling Replay Attacks 05.03.2026
CVE-2026-30790 RustDesk Server Controls All Handshake Entropy (Salt/Challenge), Enabling Offline Brute-Force 05.03.2026
CVE-2026-30796 RustDesk Server Pro API Requires Address Book Password in Plaintext for Sync Protocol 05.03.2026
CVE-2026-30797 RustDesk rustdesk://config/ URI Silently Re-homes Client to Attacker-Controlled Server 05.03.2026
CVE-2026-30798 RustDesk Client Accepts Unauthenticated stop-service Command via Strategy Payload 05.03.2026
CVE-2026-26377 05.03.2026
CVE-2026-30793 RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Confirmation 05.03.2026
CVE-2026-30794 RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure 05.03.2026
CVE-2026-30795 RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure 05.03.2026