Skip to main content
CVE-2026-28457 MEDIUM PATCH This Month

OpenClaw versions before 2026.2.14 allow local attackers to write arbitrary files outside the sandbox directory through path traversal sequences in crafted skill package names when sandbox skill mirroring is enabled. An attacker can exploit this by providing a malicious skill package with traversal patterns like ../ or absolute paths in the frontmatter name parameter, potentially compromising system integrity. A patch is available to remediate this vulnerability.

Path Traversal Openclaw
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-28464 MEDIUM PATCH This Month

OpenClaw versions before 2026.2.12 are vulnerable to timing-based token extraction attacks due to non-constant-time string comparison in hook authentication. A network-based attacker can exploit this side-channel vulnerability to gradually recover the hook validation token through repeated timing measurements across multiple requests. The vulnerability requires repeated probing but poses a confidentiality risk to systems using vulnerable versions.

Information Disclosure Openclaw
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-28465 MEDIUM PATCH This Month

OpenClaw voice-call plugin versions before 2026.2.3 allow remote attackers to forge webhook events by exploiting improper authentication in reverse-proxy environments where forwarded headers are implicitly trusted. An unauthenticated attacker can manipulate Forwarded or X-Forwarded-* headers to bypass webhook verification and spoof legitimate events. A patch is available to address this authentication bypass vulnerability.

Authentication Bypass Openclaw
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-29613 MEDIUM PATCH This Month

Openclaw versions up to 2026.2.12 is affected by missing authentication for critical function (CVSS 5.9).

React Openclaw
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-27344 MEDIUM This Month

Inseri Core versions up to 1.0.5 contain an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data through improperly configured access controls. The vulnerability has a CVSS score of 5.3 and currently lacks a patch, putting deployments at risk until remediation is available.

Authentication Bypass
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-28546 MEDIUM This Month

Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-28545 MEDIUM This Month

Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-28538 MEDIUM This Month

Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Path Traversal Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-43035 MEDIUM PATCH This Month

Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. [CVSS 5.8 MEDIUM]

Path Traversal
NVD GitHub
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-68515 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-booking-system allows Retrieve Embedded Sensitive Data.This issue affects WP Booking System: from n/a through <= 2.0.19.12. [CVSS 5.8 MEDIUM]

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-30789 MEDIUM This Month

Authentication bypass in RustDesk Client through 1.4.5 across Windows, macOS, Linux, iOS, and Android allows remote attackers to replay captured session IDs and login proofs to impersonate legitimate peers without knowing the original credentials. The flaw stems from insufficient computational effort in the hash_password() routine combined with reusable session identifiers in the login proof construction, enabling capture-replay attacks against the peer authentication module. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.04% (12th percentile).

Authentication Bypass Google Microsoft Apple Rustdesk
NVD VulDB
CVSS 4.0
5.7
EPSS
0.0%
CVE-2026-28452 MEDIUM PATCH This Month

Openclaw versions up to 2026.2.14 is affected by allocation of resources without limits or throttling (CVSS 5.5).

Denial Of Service Openclaw
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-29612 MEDIUM PATCH This Month

Openclaw versions up to 2026.2.14 is affected by allocation of resources without limits or throttling (CVSS 5.5).

Denial Of Service Openclaw
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-27411 MEDIUM This Month

The SiteGuard WP Plugin for WordPress through version 1.7.9 contains a guessable CAPTCHA implementation that allows attackers to bypass security protections without authentication. This vulnerability enables attackers to circumvent the plugin's functionality controls and potentially gain unauthorized access to protected resources or perform actions that should be restricted.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-64166 MEDIUM PATCH This Month

Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability was identified. The issue arises from incorrect parsing of the Content-Type header in requests. Specifically, requests with Content-Type values such as application/x-www-form-urlencoded, multipart/form-data, or text/plain could be misinterpreted as application/json. This misint...

CSRF Mercurius
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-28471 MEDIUM PATCH This Month

OpenClaw versions 2026.1.14-1 through 2026.2.1 with the Matrix plugin enabled fail to validate homeserver identity when checking direct message allowlists, allowing remote attackers to impersonate authorized users by spoofing display names or local identifiers from different homeservers. This bypass enables unauthorized access to routing and agent pipelines for authenticated Matrix users on remote servers. A patch is available in version 2026.2.2 and later.

Authentication Bypass Openclaw
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-26196 MEDIUM PATCH This Month

Gogs versions prior to 0.14.2 expose authentication tokens in URL parameters, allowing credentials to be captured through server logs, browser history, and HTTP referrer headers. This information disclosure vulnerability affects self-hosted Gogs instances and could enable attackers to gain unauthorized API access if tokens are leaked through these channels. A patch is available in version 0.14.2 and later.

Information Disclosure Gogs Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28413 MEDIUM PATCH This Month

Products.isurlinportal is a replacement for isURLInPortal method in Plone. versions up to 2.1.0 is affected by url redirection to untrusted site (open redirect) (CVSS 5.3).

Open Redirect Isurlinportal
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28537 MEDIUM This Month

Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-27023 MEDIUM This Month

Twenty CRM versions prior to 1.18 allow authenticated users to bypass SSRF protections by exploiting unvalidated HTTP redirect targets, enabling access to private IP addresses through attacker-controlled intermediaries. An attacker with control over webhook endpoints or image URLs can leverage this vulnerability to reach restricted internal resources that would normally be blocked.

SSRF Twenty
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-3523 MEDIUM This Month

SQL injection in the Apocalypse Meow WordPress plugin up to version 22.1.0 allows authenticated administrators to execute arbitrary SQL queries due to a flawed validation check combined with improper quote escaping. An authenticated attacker with administrator privileges can exploit this via the 'type' parameter to extract sensitive database information. No patch is currently available.

WordPress PHP SQLi
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-28078 MEDIUM This Month

Stylemix uListing versions 2.2.0 and earlier contain a path traversal vulnerability that allows authenticated users with high privileges to access files outside the intended directory structure and read sensitive information. The vulnerability requires valid credentials and does not enable file modification or system disruption, limiting its impact to unauthorized information disclosure.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-30783 MEDIUM This Month

Privilege escalation in RustDesk Client through version 1.4.5 on Windows, macOS, Linux, iOS, and Android allows unauthenticated remote attackers to abuse API sync and configuration management functions. The vulnerability in the rendezvous mediator and HTTP sync modules enables attackers to gain elevated privileges without user interaction. No patch is currently available for affected users.

Information Disclosure Google Apple Microsoft Rustdesk
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-28475 MEDIUM PATCH This Month

OpenClaw versions before 2026.2.13 are vulnerable to timing side-channel attacks on hook token validation due to use of non-constant-time string comparison. Remote attackers can exploit this weakness by measuring response times across multiple requests to gradually recover authentication tokens for the hooks endpoint. This affects confidentiality and integrity of OpenClaw deployments accessible over the network.

Information Disclosure Openclaw
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-28551 MEDIUM This Month

Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.7 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-26998 MEDIUM PATCH This Month

Traefik versions prior to 2.11.38 and 3.6.9 fail to limit memory allocation when processing ForwardAuth middleware responses, allowing a malicious or compromised authentication server to trigger unbounded memory consumption. An attacker controlling the auth server can return an arbitrarily large response body that causes the Traefik process to exhaust available memory and crash, resulting in denial of service for all proxied routes. A patch is available in the specified versions.

Denial Of Service Traefik Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-28543 MEDIUM This Month

Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.4 MEDIUM]

Industrial Race Condition Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-22052 MEDIUM This Month

NetApp ONTAP 9.12.1 and later with S3 NAS buckets allows authenticated attackers to enumerate directory contents they lack authorization to access, resulting in unauthorized information disclosure. An attacker with valid credentials can exploit this to view sensitive file listings without proper permissions. No patch is currently available for this vulnerability.

Information Disclosure Ontap
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3236 MEDIUM This Month

Octopus Server allows authenticated attackers to generate new API keys from existing access tokens with extended lifetimes that exceed the original token's validity period. This token lifetime extension vulnerability (CWE-863) could enable attackers with valid credentials to maintain persistent access beyond intended restrictions. The vulnerability affects Octopus Server with no patch currently available.

Authentication Bypass Octopus Server
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27723 MEDIUM This Month

Unauthorized wiki page creation in OpenProject prior to versions 17.0.5 and 17.1.2 allows authenticated attackers to bypass project access controls and create pages in projects they lack permission to access. The vulnerability stems from improper authentication validation on wiki page creation requests, enabling an attacker to modify project documentation without proper authorization. No patch is currently available for affected versions.

Authentication Bypass Openproject
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3072 MEDIUM This Month

The Media Library Assistant plugin for WordPress through version 3.33 fails to validate user permissions in the mla_update_compat_fields_action() function, allowing authenticated subscribers and higher-privileged users to modify taxonomy terms on any attachment. This authorization bypass enables attackers to alter attachment metadata without proper capability restrictions. A patch is not currently available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28550 MEDIUM This Month

Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-28541 MEDIUM This Month

Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 4.0).

Privilege Escalation Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-28540 MEDIUM This Month

Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.0 MEDIUM]

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy