Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12600
Total
849
Critical
3629
High
3944
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31955 | MEDIUM | 4.9 | Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) … | Apr 24, 2026 |
| CVE-2026-31953 | MEDIUM | 6.4 | Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting (XSS) vulnerability … | Apr 24, 2026 |
| CVE-2026-40630 | CRITICAL | 9.8 | A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network … | Apr 24, 2026 |
| CVE-2026-40623 | HIGH | 8.1 | A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due … | Apr 24, 2026 |
| CVE-2026-40620 | CRITICAL | 9.8 | A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive … | Apr 24, 2026 |
| CVE-2026-40431 | MEDIUM | 5.3 | A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication … | Apr 24, 2026 |
| CVE-2026-39462 | HIGH | 8.1 | A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on … | Apr 24, 2026 |
| CVE-2026-35503 | CRITICAL | 9.8 | A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed … | Apr 24, 2026 |
| CVE-2026-35064 | HIGH | 7.5 | A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and … | Apr 24, 2026 |
| CVE-2026-31952 | HIGH | 7.6 | Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an … | Apr 24, 2026 |
| CVE-2026-29197 | MEDIUM | 4.3 | In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, … | Apr 24, 2026 |
| CVE-2026-29051 | MEDIUM | 4.4 | melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, `melange lint --persist-lint-results` (opt-in flag, also … | Apr 24, 2026 |
| CVE-2026-29050 | MEDIUM | 6.1 | melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a … | Apr 24, 2026 |
| CVE-2026-27843 | CRITICAL | 9.1 | A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying … | Apr 24, 2026 |
| CVE-2026-27841 | HIGH | 8.1 | A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does … | Apr 24, 2026 |
| CVE-2026-25775 | CRITICAL | 9.8 | A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related … | Apr 24, 2026 |
| CVE-2026-25720 | MEDIUM | 5.4 | A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without … | Apr 24, 2026 |
| CVE-2026-1789 | MEDIUM | 4.9 | A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device via crafted requests, affecting certain production … | Apr 24, 2026 |
| CVE-2026-6732 | MEDIUM | 6.5 | A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an … | Apr 23, 2026 |
| CVE-2026-41361 | HIGH | 7.1 | OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting … | Apr 23, 2026 |
| CVE-2026-41360 | MEDIUM | 6.7 | OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can … | Apr 23, 2026 |
| CVE-2026-41359 | HIGH | 7.1 | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the … | Apr 23, 2026 |
| CVE-2026-41358 | MEDIUM | 5.4 | OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages … | Apr 23, 2026 |
| CVE-2026-41357 | LOW | 3.3 | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by … | Apr 23, 2026 |
| CVE-2026-41356 | MEDIUM | 5.4 | OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing WebSocket … | Apr 23, 2026 |