Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 14253 | Critical: 958 | High: 4178 | Medium: 4523

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-32978 | HIGH | 8.0 | OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. … | Mar 29, 2026 |
| CVE-2026-32975 | CRITICAL | 9.8 | OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can … | Mar 29, 2026 |
| CVE-2026-32974 | HIGH | 8.6 | OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated … | Mar 29, 2026 |
| CVE-2026-32973 | CRITICAL | 9.8 | OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers … | Mar 29, 2026 |
| CVE-2026-32972 | HIGH | 7.1 | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers … | Mar 29, 2026 |
| CVE-2026-32924 | CRITICAL | 9.8 | OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers … | Mar 29, 2026 |
| CVE-2026-32923 | MEDIUM | 5.4 | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild … | Mar 29, 2026 |
| CVE-2026-32922 | CRITICAL | 9.9 | OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to … | Mar 29, 2026 |
| CVE-2026-32919 | MEDIUM | 6.1 | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests … | Mar 29, 2026 |
| CVE-2026-32918 | HIGH | 8.4 | OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers … | Mar 29, 2026 |
| CVE-2026-32915 | HIGH | 8.8 | OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead … | Mar 29, 2026 |
| CVE-2026-32914 | HIGH | 8.8 | OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers … | Mar 29, 2026 |
| CVE-2026-23400 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: rust_binder: call set_notification_done() without proc lock Consider the following sequence of events on a death … | Mar 29, 2026 |
| CVE-2026-5043 | HIGH | 8.8 | A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. … | Mar 29, 2026 |
| CVE-2026-5042 | HIGH | 8.8 | A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter … | Mar 29, 2026 |
| CVE-2026-5041 | MEDIUM | 4.7 | A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of … | Mar 29, 2026 |
| CVE-2026-5037 | LOW | 3.3 | A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a … | Mar 29, 2026 |
| CVE-2026-5036 | HIGH | 8.8 | A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation … | Mar 29, 2026 |
| CVE-2026-5035 | HIGH | 7.3 | A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such … | Mar 29, 2026 |
| CVE-2026-5034 | HIGH | 7.3 | A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component … | Mar 29, 2026 |
| CVE-2026-5033 | HIGH | 7.3 | A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter … | Mar 29, 2026 |
| CVE-2026-5031 | MEDIUM | 4.3 | A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation … | Mar 29, 2026 |
| CVE-2026-5030 | MEDIUM | 6.3 | A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The … | Mar 29, 2026 |
| CVE-2026-5024 | HIGH | 8.8 | A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime … | Mar 29, 2026 |
| CVE-2026-5023 | MEDIUM | 5.3 | A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix … | Mar 29, 2026 |