Skip to main content
CVE-2026-28467 MEDIUM POC PATCH This Month

OpenClaw prior to version 2026.2.2 is vulnerable to server-side request forgery through its attachment and media URL processing, allowing unauthenticated remote attackers to make arbitrary HTTP requests to internal resources. Attackers can exploit model-controlled message features to trigger the SSRF and exfiltrate response data as outbound attachments. Public exploit code exists for this vulnerability.

SSRF AI / ML Openclaw
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-28492 MEDIUM POC PATCH This Month

File Browser versions prior to 2.61.0 incorrectly set the filesystem root to a parent directory when generating public share links, enabling any user with a share link to access and download files from sibling directories beyond the intended shared folder. This authenticated network-based vulnerability affects Golang and Filebrowser and has public exploit code available. The issue is resolved in version 2.61.0 and later.

Golang Filebrowser Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28350 MEDIUM POC PATCH This Month

lxml_html_clean versions prior to 0.4.4 fail to sanitize <base> HTML tags, allowing attackers to inject malicious base tags and redirect relative links to attacker-controlled domains. Public exploit code exists for this vulnerability. The issue affects applications using the default Cleaner configuration and has been remediated in version 0.4.4.

XSS Lxml Html Clean Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-28348 MEDIUM POC PATCH This Month

lxml_html_clean versions before 0.4.4 fail to properly sanitize CSS Unicode escape sequences in the _has_sneaky_javascript() method, allowing attackers to bypass filters and inject malicious @import statements or XSS payloads. Public exploit code exists for this vulnerability, which affects applications using the library for HTML sanitization. A patch is available in version 0.4.4 and should be applied immediately to prevent CSS-based injection attacks.

XSS Lxml Html Clean Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-29122 MEDIUM POC This Month

Privileged file disclosure in IDC SFX2100 satellite receiver firmware results from a setuid-enabled date binary that allows local users to read root-owned files including /etc/shadow and other sensitive configuration data. A local attacker can leverage publicly available exploit techniques to gain unauthorized access to confidential system information. Public exploit code exists for this vulnerability, though no patch is currently available.

Privilege Escalation Sfx2100 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-26377 MEDIUM POC This Month

Koha versions 25.11 and earlier contain a stored cross-site scripting vulnerability in the News function that allows authenticated users to inject malicious scripts affecting other users who view the compromised content. Public exploit code exists for this vulnerability, and attackers can leverage it to steal session data or perform actions on behalf of victims. A patch is not currently available for affected deployments.

XSS Koha
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-29125 MEDIUM POC This Month

Sfx2100 Firmware versions up to - is affected by incorrect permission assignment for critical resource (CVSS 4.7).

DNS Denial Of Service Sfx2100 Firmware
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-30796 MEDIUM This Month

RustDesk Server Pro through version 1.7.5 transmits sensitive address book credentials in cleartext over the network heartbeat synchronization API, enabling attackers to intercept and obtain authentication credentials without authentication. The vulnerability affects Windows, macOS, and Linux deployments where the address book sync functionality is enabled. No patch is currently available.

Apple Microsoft Information Disclosure Rustdesk Rustdesk Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-28450 MEDIUM PATCH This Month

OpenClaw versions before 2026.2.12 with the Nostr plugin enabled contain unauthenticated API endpoints that allow remote attackers to read and modify Nostr profiles without authentication when the gateway HTTP port is network-accessible. Attackers can exploit this to steal sensitive profile data, alter gateway configuration, and sign malicious Nostr events using the bot's private key. A patch is available for affected installations.

Authentication Bypass Information Disclosure Openclaw
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-28277 MEDIUM PATCH This Month

LangGraph SQLite Checkpoint versions 1.0.9 and prior are vulnerable to unsafe deserialization of msgpack-encoded objects, allowing attackers with write access to the checkpoint database to execute arbitrary code when checkpoints are loaded. This vulnerability affects Python-based AI/ML applications using LangGraph's persistence layer and requires adversary control of the backing storage to exploit. No public patch is currently available for this issue.

Python Deserialization
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-28547 MEDIUM This Month

Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]

Buffer Overflow Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-26124 MEDIUM PATCH This Month

'.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. [CVSS 6.7 MEDIUM]

Information Disclosure Microsoft Aci Confidential Containers
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2026-23651 MEDIUM PATCH This Month

Privilege escalation in Azure Compute Gallery's regex validation enables high-privileged local users to gain unauthorized system access on affected Microsoft and ACI Confidential Containers systems. An authenticated attacker with elevated permissions can exploit the permissive pattern matching to bypass security controls and achieve full system compromise. No patch is currently available, making this a medium-severity risk for environments running vulnerable versions.

Information Disclosure Microsoft Aci Confidential Containers
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2026-26033 MEDIUM This Month

Ups Multi-Ups Management Console versions up to 01.06.0001_\(a03\) contains a security vulnerability (CVSS 6.7).

RCE Ups Multi Ups Management Console
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2026-28549 MEDIUM This Month

Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.6 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-26122 MEDIUM PATCH This Month

Unauthorized information disclosure in Azure Compute Gallery occurs due to insecure default initialization settings that authenticated users can exploit to access sensitive data remotely. An authorized attacker can leverage this vulnerability to read confidential information without requiring user interaction. No patch is currently available for Microsoft products and ACI Confidential Containers.

Information Disclosure Microsoft Aci Confidential Containers
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2026-28394 MEDIUM PATCH This Month

Openclaw versions up to 2026.2.15 is affected by allocation of resources without limits or throttling (CVSS 6.5).

Denial Of Service Openclaw
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-2899 MEDIUM This Month

Unauthenticated attackers can delete arbitrary WordPress media attachments in Fluent Forms Pro Add On Pack versions up to 6.1.17 due to missing authorization checks in the deleteFile() AJAX action. The vulnerable endpoint is accessible to unauthenticated users and accepts an attachment_id parameter without nonce verification or capability validation. No patch is currently available for this medium-severity vulnerability affecting WordPress sites.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-30777 MEDIUM PATCH This Month

EC-CUBE administrative authentication can be bypassed by attackers possessing valid admin credentials, allowing them to circumvent multi-factor authentication protections and access the admin panel. This vulnerability (CVSS 6.5) affects administrators or high-privileged users whose credentials have been compromised, potentially enabling unauthorized administrative access.

Authentication Bypass Ec Cube
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-28104 MEDIUM This Month

Site Suggest plugin version 1.3.9 and earlier lacks proper access control checks, enabling unauthenticated remote attackers to access restricted functionality and modify data. The vulnerability affects installations without authentication requirements and could allow attackers to manipulate site suggestions or related content without authorization. No patch is currently available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-22459 MEDIUM This Month

Improper access control in the Blend Media WordPress CTA easy-sticky-sidebar plugin through version 1.7.4 allows unauthenticated attackers to exploit misconfigured security levels and gain unauthorized access to sensitive functionality. The vulnerability affects WordPress installations running the vulnerable plugin versions and could enable attackers to read restricted information or disrupt service availability. No security patch is currently available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-29606 MEDIUM PATCH This Month

Openclaw versions up to 2026.2.14 is affected by missing authentication for critical function (CVSS 6.5).

Authentication Bypass Openclaw
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22723 MEDIUM PATCH This Month

Cloudfoundry UAA versions 77.30.0 through 78.7.0 and Cloudfoundry Deployment versions 48.7.0 through 54.10.0 contain a logic error in the token revocation endpoint that allows authenticated users to inadvertently revoke tokens belonging to other users. An attacker with valid credentials could exploit this flaw to disrupt service availability by invalidating legitimate user sessions without authorization.

Information Disclosure Cf Deployment Uaa Release
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28480 MEDIUM POC PATCH This Month

OpenClaw prior to version 2026.2.14 fails to properly validate Telegram allowlist entries by accepting mutable usernames instead of immutable user IDs, enabling attackers to register recycled usernames and bypass access controls. An unauthenticated attacker can exploit this flaw to impersonate legitimate users and send unauthorized commands to OpenClaw bots. No patch is currently available.

Authentication Bypass Openclaw
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-29081 MEDIUM This Month

Frappe versions prior to 14.100.1 and 15.100.0 contain a SQL injection vulnerability in an endpoint that allows authenticated attackers to extract sensitive information from the database. An attacker with valid credentials can craft malicious requests to bypass query protections and access confidential data without modifying or disrupting system availability. No patch is currently available for affected deployments.

SQLi Frappe
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27362 MEDIUM This Month

kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27354 MEDIUM This Month

WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product is affected by cross-site scripting (xss) (CVSS 6.5).

WordPress XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23546 MEDIUM This Month

RadiusTheme Classified Listing plugin through version 5.3.4 exposes sensitive data in sent communications due to improper information handling. An authenticated attacker can retrieve embedded sensitive information from network traffic without modifying data or disrupting service. No patch is currently available for this vulnerability.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69343 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress theatre allows Stored XSS.This issue affects Theater for WordPress: from n/a through <= 0.19. [CVSS 6.5 MEDIUM]

WordPress XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28481 MEDIUM PATCH This Month

OpenClaw versions 2026.1.30 and earlier leak authentication bearer tokens to untrusted domains when the optional MS Teams attachment downloader extension is enabled, due to overly permissive suffix-based domain allowlisting during download retries. An attacker could harvest these tokens from allowed domains to compromise authenticated sessions. No patch is currently available, affecting users of the vulnerable versions.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2893 MEDIUM This Month

SQL injection in WordPress Page and Post Clone plugin up to version 6.3 allows authenticated contributors and above to extract sensitive database information through a second-order injection via the meta_key parameter. The vulnerability stems from insufficient input escaping and query preparation in the content_clone() function, with malicious payloads stored as post metadata and executed during the clone operation. No patch is currently available.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28038 MEDIUM This Month

Brainstorm_Force Ultimate Addons for WPBakery Page Builder ultimate_vc_addons is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23799 MEDIUM This Month

Themeum Tutor LMS through version 3.9.5 contains an authorization bypass that allows authenticated users to modify content they should not have access to due to improper access control validation. An attacker with valid credentials can exploit this vulnerability to alter course materials and settings without proper permission checks. No patch is currently available for this medium-severity issue.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28552 MEDIUM This Month

Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]

Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-7375 MEDIUM This Month

A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. [CVSS 6.5 MEDIUM]

Denial Of Service Omada Eap610 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28343 MEDIUM PATCH This Month

CKEditor 5 versions before 47.6.0 contain a stored XSS vulnerability in the General HTML Support feature that allows attackers to execute arbitrary JavaScript by injecting malicious markup into documents processed by vulnerable editor instances. This vulnerability affects users relying on unsafe General HTML Support configurations, potentially enabling session hijacking, credential theft, or malware distribution. No patch is currently available for affected deployments.

XSS RCE Ckeditor5
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-3034 MEDIUM This Month

OoohBoi Steroids for Elementor (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-2593 MEDIUM This Month

Stored Cross-Site Scripting in the Greenshift page builder plugin for WordPress (versions up to 12.8.5) allows authenticated users with Contributor privileges or higher to inject malicious scripts through the `_gspb_post_css` post meta and `dynamicAttributes` block attributes due to inadequate input sanitization. When other users access affected pages, the injected scripts execute in their browsers, potentially compromising their sessions or stealing sensitive data. No patch is currently available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-28036 MEDIUM This Month

SkatDesign Ratatouille versions up to 1.2.6 contain a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests from the affected system. An attacker with valid credentials can leverage this flaw to access internal services, retrieve sensitive information, or perform actions on behalf of the server across different security domains. No patch is currently available for this medium-severity vulnerability.

SSRF
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-28395 MEDIUM PATCH This Month

OpenClaw Chrome extension relay server versions prior to 2026.2.12 improperly bind to all network interfaces when wildcard cdpUrl values are configured, enabling remote attackers to discover service endpoints and port information. An attacker can exploit this exposure to conduct denial-of-service attacks and brute-force attempts against the relay token authentication mechanism without requiring local access.

Google Information Disclosure Chrome
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-28476 MEDIUM PATCH This Month

OpenClaw versions before 2026.2.14 fail to validate base URLs in the Tlon Urbit extension, allowing attackers to trigger server-side request forgery attacks that direct the gateway to arbitrary hosts, including internal systems. This network-accessible vulnerability requires no authentication and can result in information disclosure and service disruption. No patch is currently available.

SSRF Openclaw
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-28071 MEDIUM This Month

Unauthorized access in PixFort Core through version 3.2.22 allows authenticated attackers to bypass access control restrictions and modify system data due to improper authorization checks. An attacker with valid credentials could exploit this vulnerability to access or modify resources they should not have permission to interact with. No patch is currently available for this vulnerability.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-28544 MEDIUM This Month

Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28539 MEDIUM This Month

Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.2 MEDIUM]

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28222 MEDIUM PATCH This Month

Stored XSS in Wagtail's TableBlock allows authenticated users with page editing permissions to inject malicious class attributes that execute arbitrary JavaScript when pages are viewed by other users. An attacker could exploit this to perform administrative actions or steal credentials from higher-privileged users viewing the compromised content. The vulnerability affects Wagtail versions prior to 6.3.8, 7.0.6, 7.2.3, and 7.3.1, with patches now available.

Django XSS Wagtail
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-28223 MEDIUM PATCH This Month

Stored XSS in Wagtail's simple_translation module allows authenticated admin users to inject malicious JavaScript through specially-crafted page titles that executes when other admins perform translation actions, potentially compromising their credentials. The vulnerability affects Wagtail versions prior to 6.3.8, 7.0.6, 7.2.3, and 7.3.1, and requires admin-level access to exploit, limiting exposure to internal threats. Patches are available for all affected versions.

Django XSS Wagtail
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-29052 MEDIUM This Month

HumHub Calendar module versions prior to 1.8.11 contain a stored XSS vulnerability in Event Types that allows attackers to inject malicious scripts viewed by users accessing events created by administrative accounts. An attacker with event creation privileges can execute arbitrary JavaScript in the browsers of users viewing affected events, potentially compromising session tokens or sensitive information. No patch is currently available for affected installations.

XSS Calendar
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-26195 MEDIUM PATCH This Month

Stored cross-site scripting in Gogs prior to version 0.14.2 allows unauthenticated attackers to inject malicious scripts through template rendering of user-controlled data, potentially affecting all users viewing compromised content. The vulnerability exploits unsafe handling of data URLs combined with permissive sanitization, enabling attackers to steal session cookies, deface pages, or perform actions on behalf of victims. A patch is available in version 0.14.2 and later.

XSS Gogs Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27982 MEDIUM PATCH This Month

Allauth versions up to 65.14.1 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).

Django Open Redirect Allauth Red Hat
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-28486 MEDIUM PATCH This Month

OpenClaw versions 2026.1.16 through 2026.2.13 allow local attackers to write arbitrary files outside intended directories by supplying malicious archives to the skills, hooks, plugins, or signal installation commands. Successful exploitation enables attackers to achieve code execution or establish persistence on affected systems. A patch is available for affected users.

Path Traversal Openclaw
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy