Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12557
Total
848
Critical
3598
High
3936
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41371 | HIGH | 8.5 | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target … | Apr 28, 2026 |
| CVE-2026-41370 | MEDIUM | 6.5 | OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote … | Apr 28, 2026 |
| CVE-2026-41369 | MEDIUM | 6.5 | OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can … | Apr 28, 2026 |
| CVE-2026-41368 | MEDIUM | 6.5 | OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to block the $ENV filter. Attackers can bypass safe-bin … | Apr 28, 2026 |
| CVE-2026-41367 | MEDIUM | 5.0 | OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component … | Apr 28, 2026 |
| CVE-2026-41366 | MEDIUM | 5.5 | OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory … | Apr 28, 2026 |
| CVE-2026-41365 | MEDIUM | 5.4 | OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should … | Apr 28, 2026 |
| CVE-2026-41364 | HIGH | 8.1 | OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this … | Apr 28, 2026 |
| CVE-2026-41363 | MEDIUM | 5.3 | OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper … | Apr 28, 2026 |
| CVE-2026-41362 | MEDIUM | 4.3 | OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers … | Apr 28, 2026 |
| CVE-2026-40977 | MEDIUM | 4.7 | When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the … | Apr 28, 2026 |
| CVE-2026-40976 | CRITICAL | 9.1 | In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be … | Apr 28, 2026 |
| CVE-2026-40975 | MEDIUM | 4.8 | Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as … | Apr 28, 2026 |
| CVE-2026-40974 | MEDIUM | 5.0 | Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), … | Apr 28, 2026 |
| CVE-2026-40973 | HIGH | 7.0 | A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is … | Apr 28, 2026 |
| CVE-2026-40972 | HIGH | 7.5 | An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. … | Apr 28, 2026 |
| CVE-2026-27785 | HIGH | 8.8 | Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials. | Apr 28, 2026 |
| CVE-2026-7194 | HIGH | 7.3 | A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_product. This manipulation of … | Apr 27, 2026 |
| CVE-2026-7183 | MEDIUM | 5.3 | A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component … | Apr 27, 2026 |
| CVE-2026-7179 | MEDIUM | 5.3 | A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the component … | Apr 27, 2026 |
| CVE-2026-40971 | MEDIUM | 5.0 | When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot … | Apr 27, 2026 |
| CVE-2026-28747 | HIGH | 7.1 | A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed. | Apr 27, 2026 |
| CVE-2026-7178 | HIGH | 7.3 | A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. … | Apr 27, 2026 |
| CVE-2026-7177 | HIGH | 7.3 | A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The … | Apr 27, 2026 |
| CVE-2026-7160 | HIGH | 8.8 | A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize … | Apr 27, 2026 |