Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22296
Total
1591
Critical
6822
High
7139
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-62328 | HIGH | 7.5 | 9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API … | Jul 13, 2026 |
| CVE-2026-62327 | CRITICAL | 9.1 | 9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts … | Jul 13, 2026 |
| CVE-2026-62242 | HIGH | 8.6 | Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters … | Jul 13, 2026 |
| CVE-2026-62240 | HIGH | 7.4 | CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validate_url function that performs one-shot DNS resolution and blocklist checks before returning the original … | Jul 13, 2026 |
| CVE-2026-62239 | MEDIUM | 6.6 | FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the download_and_copy() function within hopper/setup.py that extracts NVIDIA toolchain archives without validating … | Jul 13, 2026 |
| CVE-2026-62200 | HIGH | 8.8 | OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature … | Jul 13, 2026 |
| CVE-2026-62199 | HIGH | 8.8 | OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup variables. When the affected feature is enabled and … | Jul 13, 2026 |
| CVE-2026-62198 | MEDIUM | 4.3 | OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. … | Jul 13, 2026 |
| CVE-2026-62197 | HIGH | 8.5 | OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations … | Jul 13, 2026 |
| CVE-2026-62196 | HIGH | 8.3 | OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform … | Jul 13, 2026 |
| CVE-2026-62195 | HIGH | 8.3 | OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can … | Jul 13, 2026 |
| CVE-2026-62194 | HIGH | 8.8 | OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their … | Jul 13, 2026 |
| CVE-2026-62193 | MEDIUM | 4.9 | OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy (authorization) check. When the affected feature … | Jul 13, 2026 |
| CVE-2026-62192 | HIGH | 8.1 | OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. … | Jul 13, 2026 |
| CVE-2026-62191 | HIGH | 7.1 | OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. … | Jul 13, 2026 |
| CVE-2026-62190 | HIGH | 8.8 | OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended … | Jul 13, 2026 |
| CVE-2026-62189 | HIGH | 7.1 | OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trust callers to perform actions requiring stronger authorization. Attackers … | Jul 13, 2026 |
| CVE-2026-62188 | HIGH | 8.1 | OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected … | Jul 13, 2026 |
| CVE-2026-62187 | HIGH | 8.1 | OpenClaw Feishu tools (npm package @openclaw/feishu) in versions <= 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions … | Jul 13, 2026 |
| CVE-2026-62186 | HIGH | 7.6 | OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. … | Jul 13, 2026 |
| CVE-2026-62185 | HIGH | 7.6 | Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo … | Jul 13, 2026 |
| CVE-2026-62184 | HIGH | 7.5 | luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to … | Jul 13, 2026 |
| CVE-2026-61458 | HIGH | 7.5 | PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a … | Jul 13, 2026 |
| CVE-2026-59801 | CRITICAL | 9.8 | 9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any … | Jul 13, 2026 |
| CVE-2026-58500 | HIGH | 8.2 | MCP Appium is an MCP server that provides AI assistants with tools to automate mobile app testing on Android and iOS. In versions prior to … | Jul 13, 2026 |