Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12556
Total
848
Critical
3598
High
3935
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41374 | MEDIUM | 5.3 | OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger audio preflight processing … | Apr 28, 2026 |
| CVE-2026-41373 | MEDIUM | 6.1 | OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGO_BUILD_RUSTC, and CMAKE_C_COMPILER … | Apr 28, 2026 |
| CVE-2026-3893 | CRITICAL | 9.4 | The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions … | Apr 28, 2026 |
| CVE-2026-38949 | UNKNOWN | — | Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user … | Apr 28, 2026 |
| CVE-2026-24231 | MEDIUM | 6.3 | NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint … | Apr 28, 2026 |
| CVE-2026-24222 | HIGH | 8.6 | NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that … | Apr 28, 2026 |
| CVE-2026-24204 | MEDIUM | 6.5 | NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Improper Input Validation by path traversing. A successful exploit of this vulnerability may … | Apr 28, 2026 |
| CVE-2026-24186 | HIGH | 8.8 | NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS- encoded message. A … | Apr 28, 2026 |
| CVE-2026-24178 | CRITICAL | 9.8 | NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A … | Apr 28, 2026 |
| CVE-2026-41873 | CRITICAL | 9.8 | ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects … | Apr 28, 2026 |
| CVE-2026-38948 | MEDIUM | 5.4 | Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, … | Apr 28, 2026 |
| CVE-2026-38651 | HIGH | 8.2 | Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. … | Apr 28, 2026 |
| CVE-2025-60889 | UNKNOWN | — | Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts. | Apr 28, 2026 |
| CVE-2025-60887 | MEDIUM | 5.3 | An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which … | Apr 28, 2026 |
| CVE-2026-7324 | HIGH | 7.3 | Memory safety bugs present in Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of … | Apr 28, 2026 |
| CVE-2026-7323 | HIGH | 7.3 | Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with … | Apr 28, 2026 |
| CVE-2026-7322 | HIGH | 7.3 | Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we … | Apr 28, 2026 |
| CVE-2026-7321 | CRITICAL | 9.6 | Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, and Firefox ESR 140.10.1. | Apr 28, 2026 |
| CVE-2026-7320 | HIGH | 7.5 | Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1. | Apr 28, 2026 |
| CVE-2026-7289 | HIGH | 8.8 | A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results … | Apr 28, 2026 |
| CVE-2026-7288 | HIGH | 8.8 | A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url … | Apr 28, 2026 |
| CVE-2026-7283 | MEDIUM | 4.7 | A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function save_expired of the file /ajax.php?action=save_expired. The manipulation … | Apr 28, 2026 |
| CVE-2026-7282 | MEDIUM | 4.7 | A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function delete_expired of the file /ajax.php?action=delete_expired. The manipulation of the … | Apr 28, 2026 |
| CVE-2026-40969 | LOW | 3.7 | The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain … | Apr 28, 2026 |
| CVE-2026-40968 | MEDIUM | 4.2 | When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited … | Apr 28, 2026 |