Skip to main content
CVE-2026-24764 LOW POC PATCH Monitor

OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata (topic/description) can be incorporated into the model's system prompt. [CVSS 3.7 LOW]

Code Injection Openclaw
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-24122 LOW POC PATCH Monitor

Cosign provides code signing and transparency for containers and binaries. [CVSS 3.7 LOW]

Authentication Bypass Cosign
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-25120 LOW POC PATCH Monitor

Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. [CVSS 2.7 LOW]

Authentication Bypass Gogs
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-2692 LOW POC Monitor

Path traversal in CyreneAdmin's image handler endpoint allows authenticated attackers to read arbitrary files on the server through manipulation of the Avatar parameter. The vulnerability affects versions up to 1.3.0 and requires valid user credentials to exploit, limiting the attack surface to authenticated users. Public exploit code exists and no patch is currently available.

Path Traversal Cyreneadmin
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2704 LOW POC PATCH GHSA Monitor

Out-of-bounds read in Open Babel's CIF file handler (versions up to 3.1.1) allows remote denial of service when processing malicious files. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can trigger a crash by sending specially crafted input to the affected transform3d function without requiring authentication or user interaction beyond opening a file.

Buffer Overflow Open Babel Babel
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2705 LOW POC PATCH GHSA Monitor

Out-of-bounds memory reads in Open Babel's MOL2 file handler (via OBAtom::SetFormalCharge function) allow remote attackers to trigger denial of service through malicious molecule files. Public exploit code is available for this vulnerability, which remains unpatched as of the advisory date. Versions up to 3.1.1 are affected.

Buffer Overflow Open Babel Babel
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2693 LOW POC Monitor

Cyreneadmin versions up to 1.3.0. contains a vulnerability that allows attackers to improper authorization (CVSS 4.3).

Information Disclosure Cyreneadmin
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2706 LOW POC Monitor

SQL injection in Patient Record Management System 1.0 via the comp_id parameter in /fecalysis_not.php enables authenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2703 LOW POC PATCH Monitor

A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. [CVSS 3.3 LOW]

Information Disclosure Xlnt
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2733 LOW Monitor

A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. [CVSS 3.8 LOW]

Docker
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2026-25423 LOW Monitor

creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite is affected by missing authorization (CVSS 3.8).

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-2711 LOW Monitor

Server-side request forgery (SSRF) in worldquant-miner up to version 1.0.9 allows remote attackers to manipulate the make_request parameter in the URL handler component, enabling them to forge requests to internal systems or arbitrary destinations. Public exploit code exists for this vulnerability, though exploitation requires high complexity conditions. The vendor has not yet released a patch despite early notification.

SSRF
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-14270 LOW Monitor

OneClick Chat to Order (WordPress plugin) versions up to 1.0.9. is affected by missing authorization (CVSS 2.7).

WordPress PHP
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-2709 LOW Monitor

A flaw has been found in busy versions up to 2.5.5. is affected by url redirection to untrusted site (open redirect) (CVSS 3.5).

Open Redirect
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-2702 LOW Monitor

A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. This issue affects some unknown processing of the component WPA2 PSK. Performing a manipulation results in hard-coded credentials. The attacker must have access to the local network to execute the attack. The complexity of an attack is rather high. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did ...

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy