Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 14240, Critical: 958, High: 4175, Medium: 4515
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-22569 | MEDIUM | 5.4 | An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare … | Mar 31, 2026 |
| CVE-2026-22561 | UNKNOWN | — | Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The … | Mar 31, 2026 |
| CVE-2026-4799 | MEDIUM | 4.3 | In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL. | Mar 31, 2026 |
| CVE-2026-34532 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an … | Mar 31, 2026 |
| CVE-2026-34504 | HIGH | 8.3 | OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or … | Mar 31, 2026 |
| CVE-2026-34503 | HIGH | 8.1 | OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access … | Mar 31, 2026 |
| CVE-2026-34377 | UNKNOWN | — | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification … | Mar 31, 2026 |
| CVE-2026-34373 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the … | Mar 31, 2026 |
| CVE-2026-34363 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.65 and 9.7.0-alpha.9, when … | Mar 31, 2026 |
| CVE-2026-34224 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an … | Mar 31, 2026 |
| CVE-2026-34214 | HIGH | 7.7 | Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access … | Mar 31, 2026 |
| CVE-2026-34210 | UNKNOWN | — | mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when … | Mar 31, 2026 |
| CVE-2026-34209 | HIGH | 7.5 | mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "<" … | Mar 31, 2026 |
| CVE-2026-34202 | UNKNOWN | — | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic … | Mar 31, 2026 |
| CVE-2026-34200 | UNKNOWN | — | Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, the Nhost CLI MCP server, when explicitly configured to listen on a … | Mar 31, 2026 |
| CVE-2026-34172 | UNKNOWN | — | Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chat(message) passes its string argument directly as … | Mar 31, 2026 |
| CVE-2026-34165 | MEDIUM | 5.0 | go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which … | Mar 31, 2026 |
| CVE-2026-34163 | HIGH | 7.7 | FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) tools endpoints (/api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool) accept a user-supplied URL … | Mar 31, 2026 |
| CVE-2026-34162 | CRITICAL | 10.0 | FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint … | Mar 31, 2026 |
| CVE-2026-33762 | LOW | 2.8 | go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate … | Mar 31, 2026 |
| CVE-2026-33581 | MEDIUM | 6.5 | OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl … | Mar 31, 2026 |
| CVE-2026-33580 | MEDIUM | 6.5 | OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who … | Mar 31, 2026 |
| CVE-2026-33579 | HIGH | 8.1 | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. … | Mar 31, 2026 |
| CVE-2026-33578 | MEDIUM | 4.3 | OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open … | Mar 31, 2026 |
| CVE-2026-33577 | HIGH | 8.1 | OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. … | Mar 31, 2026 |