Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 14253 | Critical: 958 | High: 4178 | Medium: 4523

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5105 | MEDIUM | 6.3 | A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing … | Mar 30, 2026 |
| CVE-2026-5104 | MEDIUM | 6.3 | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip … | Mar 30, 2026 |
| CVE-2026-5103 | MEDIUM | 6.3 | A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable … | Mar 30, 2026 |
| CVE-2026-3124 | HIGH | 7.5 | The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment() function … | Mar 30, 2026 |
| CVE-2025-15036 | CRITICAL | 9.6 | A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises … | Mar 30, 2026 |
| CVE-2026-5102 | MEDIUM | 6.3 | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. … | Mar 30, 2026 |
| CVE-2026-2370 | HIGH | 8.1 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect … | Mar 30, 2026 |
| CVE-2025-7741 | UNKNOWN | — | A hardcoded password vulnerability has been found in CENTUM. Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within … | Mar 30, 2026 |
| CVE-2026-5101 | MEDIUM | 6.3 | A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of … | Mar 29, 2026 |
| CVE-2026-4176 | CRITICAL | 9.8 | Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the … | Mar 29, 2026 |
| CVE-2026-4946 | HIGH | 8.8 | Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with … | Mar 29, 2026 |
| CVE-2026-0562 | HIGH | 8.3 | A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The … | Mar 29, 2026 |
| CVE-2026-0560 | HIGH | 7.5 | A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to … | Mar 29, 2026 |
| CVE-2026-0558 | HIGH | 7.5 | A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the `/api/files/extract-text` endpoint. This endpoint does … | Mar 29, 2026 |
| CVE-2026-34005 | HIGH | 8.8 | In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an … | Mar 29, 2026 |
| CVE-2026-5046 | HIGH | 8.8 | A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a … | Mar 29, 2026 |
| CVE-2026-5045 | HIGH | 8.8 | A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation … | Mar 29, 2026 |
| CVE-2026-5044 | HIGH | 8.8 | A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such … | Mar 29, 2026 |
| CVE-2026-33575 | HIGH | 7.5 | OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to … | Mar 29, 2026 |
| CVE-2026-33574 | MEDIUM | 6.2 | OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during … | Mar 29, 2026 |
| CVE-2026-33573 | HIGH | 8.8 | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by … | Mar 29, 2026 |
| CVE-2026-33572 | HIGH | 8.4 | OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can … | Mar 29, 2026 |
| CVE-2026-32987 | CRITICAL | 9.8 | OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times … | Mar 29, 2026 |
| CVE-2026-32980 | HIGH | 7.5 | OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send … | Mar 29, 2026 |
| CVE-2026-32979 | HIGH | 7.3 | OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file … | Mar 29, 2026 |