Skip to main content
CVE-2026-33299 MEDIUM PATCH This Month

Stored XSS in OpenEMR prior to 8.0.0.2 allows authenticated users with the "Notes - my encounters" role to inject malicious JavaScript into Eye Exam form fields, which executes when other users with the same role view the form responses. An attacker can exploit this to steal session tokens, perform unauthorized actions, or compromise patient data through form manipulation. No patch is currently available for affected versions.

XSS Openemr
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-32753 MEDIUM This Month

Stored XSS in FreeScout 1.8.208 and earlier allows authenticated attackers to execute arbitrary JavaScript in victims' browsers by uploading a malicious SVG file with a .png extension and image/svg+xml content type, bypassing both the attachment view logic and SVG sanitizer. The vulnerability exploits a fallback mechanism that unsafely processes invalid XML, enabling script execution when the file is rendered inline. An attacker with upload permissions can compromise other users' sessions and data through this cross-site scripting attack.

XSS Freescout
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21788 MEDIUM This Month

HCL Connections contains a reflected or stored cross-site scripting (XSS) vulnerability that allows authenticated attackers to inject malicious JavaScript into the application, which executes in the browsers of other users who interact with the crafted payload. An attacker with valid credentials can steal session cookies and authentication tokens, potentially compromising victim accounts and enabling further attacks such as lateral movement or data exfiltration. The vulnerability requires user interaction and authentication to exploit, resulting in a CVSS score of 5.4 (Medium severity), though the impact is cross-site scope.

XSS Connections
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33303 MEDIUM PATCH This Month

Stored XSS in OpenEMR versions before 8.0.0.2 allows authenticated patient portal users to inject malicious scripts into their login username, which execute in the browsers of clinic staff when viewing the portal credential creation page. This vulnerability enables attackers to compromise staff and admin sessions through the patient context, potentially leading to unauthorized access or data manipulation within the healthcare system. A patch is available in version 8.0.0.2 and later.

XSS Openemr
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-29105 MEDIUM This Month

SuiteCRM versions prior to 7.15.1 and 8.9.3 contain an unauthenticated open redirect vulnerability in the WebToLead feature that allows attackers to redirect users to arbitrary external websites by manipulating an unvalidated POST parameter. An attacker can leverage the trusted SuiteCRM domain to conduct phishing and social engineering attacks against users without requiring authentication or user interaction beyond clicking a malicious link. No patch is currently available for affected versions.

Open Redirect
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-15051 MEDIUM PATCH This Month

IBM QRadar SIEM contains a reflected or stored cross-site scripting (XSS) vulnerability in the Web UI that allows authenticated users to inject arbitrary JavaScript code, potentially altering system functionality and compromising the integrity of security monitoring. The vulnerability affects QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14. An attacker with valid credentials can craft malicious payloads to execute client-side code in the context of other users' sessions, leading to session hijacking, credential theft, or unauthorized configuration changes. A patch is available from IBM, and this vulnerability is not currently listed in CISA's KEV catalog, suggesting limited evidence of active exploitation in the wild at this time.

IBM XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-1276 MEDIUM PATCH This Month

IBM QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14 contain a cross-site scripting (XSS) vulnerability in the Web UI that allows authenticated users to inject arbitrary JavaScript code. An attacker with valid credentials can exploit this vulnerability to alter UI functionality and potentially steal session credentials or perform actions on behalf of the victim user within their trusted session. A patch is available from the vendor, though no public exploitation toolkit or widespread active exploitation has been reported at the time of this analysis.

IBM XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33410 MEDIUM This Month

A remote code execution vulnerability in Discourse (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33305 MEDIUM PATCH This Month

A remote code execution vulnerability in OpenEMR (CVSS 5.4) that allows any authenticated openemr user. Remediation should follow standard vulnerability management procedures.

Authentication Bypass Openemr
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33295 MEDIUM This Month

Stored cross-site scripting in the WWBN/AVideo CDN plugin allows authenticated attackers to inject malicious JavaScript through improperly sanitized video titles, which executes when users access download pages. An attacker with video creation or modification privileges can compromise any user viewing the affected download interface. No patch is currently available for PHP and Python implementations.

PHP XSS Python
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-31995 MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.19 allow local attackers with limited privileges to execute arbitrary commands through the Lobster extension's Windows shell fallback mechanism by injecting malicious arguments into workflow processes. The vulnerability exploits cmd.exe command interpretation when spawn operations fail and trigger shell execution, enabling command injection with potential impact on system integrity and availability. A patch is available for affected versions.

Command Injection Microsoft Openclaw Windows
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-3475 MEDIUM This Month

A remote code execution vulnerability in Instant Popup Builder (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24299 MEDIUM PATCH This Month

M365 Copilot is vulnerable to command injection that enables unauthenticated remote attackers to extract sensitive information through the network. The vulnerability stems from inadequate sanitization of special characters in command inputs, requiring user interaction to trigger. No patch is currently available for this medium-severity flaw.

Command Injection 365 Copilot
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32867 MEDIUM PATCH This Month

OPEXUS eComplaint versions before 10.1.0.0 allow unauthenticated attackers to enumerate case numbers and upload arbitrary files to the public document upload interface, potentially cluttering cases with malicious content and consuming server storage. The vulnerability requires user interaction but has no authentication requirements, affecting all instances running vulnerable versions with no available patch.

Authentication Bypass Ecomplaint
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-27454 MEDIUM PATCH This Month

Unauthorized access to hidden post revisions in Discourse through version enumeration allows unauthenticated users to bypass authorization checks and read staff-concealed edit history. The /posts/:id.json endpoint fails to validate user permissions before displaying revision content, enabling attackers to enumerate version numbers and access sensitive historical data. Affected deployments should upgrade to versions 2026.3.0-latest.1, 2026.2.1, or 2026.1.2 as no workarounds are available.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32002 MEDIUM PATCH This Month

OpenClaw versions before 2026.2.23 allow authenticated users to bypass sandbox restrictions and read files outside the intended workspace by exploiting inadequate path validation in the sandboxed image tool. An attacker with valid credentials can exfiltrate sensitive files by leveraging vision model provider integrations, compromising the confidentiality of restricted data.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28070 MEDIUM This Month

WP eMember through version 10.2.2 contains an authorization bypass flaw that allows unauthenticated remote attackers to circumvent access control restrictions and view protected content. The vulnerability stems from improper validation of security level configurations, enabling unauthorized information disclosure without user interaction. No patch is currently available for this issue.

Authentication Bypass Wp Emember
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27936 MEDIUM PATCH This Month

A remote code execution vulnerability in Discourse (CVSS 5.3) that allows restricted post action counts. Remediation should follow standard vulnerability management procedures.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27670 MEDIUM PATCH This Month

OpenClaw versions before 2026.3.2 are vulnerable to a race condition in ZIP extraction that permits local attackers with limited privileges to write arbitrary files outside the intended extraction directory. By manipulating symlinks between path validation and write operations, an attacker can achieve arbitrary file placement on the system. A patch is available to resolve this integrity issue.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33311 MEDIUM PATCH This Month

DiceBear avatar generation libraries (@dicebear/core and @dicebear/initials) are vulnerable to stored XSS through unescaped SVG attributes when user-supplied options like backgroundColor, fontFamily, and textColor are directly interpolated into SVG output. Attackers can inject malicious JavaScript that executes when the resulting SVG is rendered inline or served with SVG content-type, affecting any application that passes untrusted input to the createAvatar() function. No patch is currently available.

XSS
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
3.0%
CVE-2026-32843 MEDIUM This Month

Linkit ONE Location Aware Sensor System (LASS) up to commit f06bd20 contains reflected cross-site scripting (XSS) in PM25.php that permits remote attackers to execute arbitrary JavaScript in victim browsers through unencoded GET parameters (site, city, district, channel, apikey). The vulnerability affects a sensor data collection platform and carries a low exploitation probability (EPSS 0.21%, percentile 43%), suggesting limited real-world attack activity despite public disclosure through VulnCheck.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-32869 MEDIUM PATCH This Month

This vulnerability is a stored/reflected cross-site scripting (XSS) flaw in OPEXUS eComplaint and eCASE that allows authenticated attackers to inject malicious JavaScript into the 'Name of Organization' field during case creation. When a victim views the affected case information page, the unvalidated payload executes in their browser session, potentially leading to session hijacking, credential theft, or unauthorized actions. With a CVSS score of 5.5 (medium severity) requiring low attack complexity and user interaction, this represents a meaningful risk to authenticated users, though the requirement for prior authentication and user interaction limits its immediate exploitability.

XSS Ecomplaint Ecase
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-32868 MEDIUM PATCH This Month

This is a stored cross-site scripting (XSS) vulnerability in OPEXUS eComplaint and eCASE platforms where the first and last name fields in the 'My Information' screen fail to properly sanitize user input. An authenticated attacker can inject malicious JavaScript code into these fields, which executes in the context of victim sessions when the full name is rendered, allowing credential theft, session hijacking, or malicious actions on behalf of the victim. The CVSS 5.5 score reflects moderate risk (low integrity/confidentiality/availability impact) mitigated by authentication requirements and user interaction necessity, though the practical risk depends on deployment context and whether patches are available.

XSS Ecomplaint Ecase
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-32866 MEDIUM PATCH This Month

This is a stored cross-site scripting (XSS) vulnerability in OPEXUS eComplaint and eCASE versions before 10.2.0.0, where user profile first and last name fields lack proper input sanitization. An authenticated attacker can inject malicious JavaScript payloads into these fields, which execute in the context of any victim's session when the attacker's full name is rendered, allowing theft of session tokens, credential harvesting, or account manipulation. The vulnerability carries a CVSS 5.5 (medium) score but poses real risk due to its authenticated-but-no-special-privileges requirement and user interaction dependency; exploitation is likely straightforward given the simplicity of XSS injection techniques.

XSS Ecase
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-13995 MEDIUM PATCH This Month

IBM QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14 contain a cross-tenant information disclosure vulnerability that allows an authenticated attacker with access to one tenant account to retrieve hostname data belonging to other tenants. The vulnerability has a CVSS score of 5.0 with low attack complexity and requires only user-level privileges, making it a practical risk in multi-tenant deployments. A patch is available from IBM, and there is no indication of active exploitation in the wild or public proof-of-concept code.

IBM Information Disclosure
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-29107 MEDIUM This Month

Server-Side Request Forgery in SuiteCRM versions prior to 7.15.1 and 8.9.3 allows authenticated users to craft malicious PDF templates containing image tags that trigger server-side HTTP requests when PDFs are generated. An attacker with login credentials can exploit this to scan internal networks, access local services, or exfiltrate data from the server's perspective. No patch is currently available for affected versions.

SSRF Suitecrm
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-33294 MEDIUM This Month

The BulkEmbed plugin in AVideo fails to validate thumbnail URLs in its save endpoint, allowing authenticated attackers to conduct Server-Side Request Forgery (SSRF) attacks and retrieve responses from internal network resources. An attacker can supply malicious URLs via the bulk embed feature to force the server to make HTTP requests to internal systems and view the cached thumbnail responses. This vulnerability affects PHP-based AVideo installations and requires authentication to exploit.

PHP SSRF Google Microsoft
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-2646 MEDIUM This Month

Heap buffer overflow in wolfSSL's session deserialization function allows local attackers with low privileges to corrupt heap memory by crafting malicious session data with invalid certificate lengths. The vulnerability affects systems with SESSION_CERTS enabled that load external session data, requiring user interaction or specific configuration to exploit. No patch is currently available.

Buffer Overflow Heap Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
5.0
EPSS
0.0%
CVE-2026-29101 MEDIUM This Month

SuiteCRM versions prior to 7.15.1 and 8.9.3 contain a denial-of-service vulnerability that allows authenticated attackers with high privileges to crash the application through path traversal manipulation. An attacker with administrative credentials can exploit this remotely to disrupt service availability without requiring user interaction. No patch is currently available for this vulnerability.

Information Disclosure Suitecrm
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-29098 MEDIUM This Month

Path traversal in SuiteCRM's ModuleBuilder module (versions prior to 7.15.1 and 8.9.3) allows authenticated administrators to read arbitrary files from the server by manipulating the `$modules` and `$name` parameters, which are improperly validated before being used in file operations. An attacker with ModuleBuilder access can exploit this to copy sensitive files from any readable directory into the web root, exposing their contents through the web server.

PHP Path Traversal
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-30873 MEDIUM This Month

A security vulnerability in versions (CVSS 4.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure Openwrt
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-31993 MEDIUM PATCH This Month

OpenClaw versions before 2026.2.22 contain an allowlist parsing flaw in the macOS companion app that enables authenticated operators with elevated privileges to bypass command execution controls and run arbitrary commands on paired hosts. The vulnerability affects systems with operator.write access and macOS beta nodes, allowing attackers to craft malicious shell-chain payloads that circumvent validation checks. A security patch is available.

Apple Authentication Bypass Openclaw macOS
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-32031 MEDIUM PATCH This Month

OpenClaw server-http versions before 2026.2.26 permit unauthenticated access to protected plugin channel APIs through path canonicalization mismatches between gateway and routing handlers. Remote attackers can exploit this authentication bypass by crafting requests with alternative path encodings to reach sensitive endpoints without valid credentials. No patch is currently available for this medium-severity issue.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-3580 MEDIUM PATCH This Month

CVE-2026-3580 is a security vulnerability (CVSS 4.7). Remediation should follow standard vulnerability management procedures.

Information Disclosure Wolfssl
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-32040 MEDIUM PATCH This Month

OpenClaw prior to version 2026.2.23 allows local authenticated attackers to inject malicious code into exported HTML sessions through specially crafted mimeType values in image content blocks. When a user opens the exported HTML file, the injected code executes arbitrary JavaScript in their browser context. Exploitation requires local access and user interaction to open the malicious HTML file.

XSS Openclaw
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-33306 MEDIUM PATCH This Month

JRuby's BCrypt implementation suffers from a signed integer overflow when the cost parameter is set to 31, causing the key-strengthening loop to execute zero iterations and reducing password hashing to a negligible computational cost. Applications using bcrypt-ruby with cost=31 generate seemingly valid hashes that verify correctly but provide virtually no protection against brute-force attacks. No patch is currently available for this vulnerability.

Java Integer Overflow Buffer Overflow Red Hat bcrypt
NVD GitHub VulDB
CVSS 4.0
4.5
EPSS
0.0%
CVE-2026-33326 MEDIUM PATCH This Month

CVE-2026-33326 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
1.0%
CVE-2026-33395 MEDIUM This Month

Authenticated users can inject persistent JavaScript through malicious DOT graph definitions in the discourse-graphviz plugin on Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, enabling stored XSS attacks when Content Security Policy is disabled. Affected instances should upgrade to patched versions, disable the plugin, or enforce a CSP as a temporary mitigation, as no patch is currently available for all deployment scenarios.

XSS Discourse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-32119 MEDIUM PATCH This Month

DOM-based stored XSS in OpenEMR's SearchHighlight plugin (versions prior to 8.0.0.2) enables authenticated users with encounter form write access to inject malicious JavaScript that executes in other clinicians' browsers during report searches. An attacker can leverage this to steal session tokens, modify patient data, or perform actions on behalf of targeted medical staff. The vulnerability stems from improper handling of HTML entity decoding when parsing search results.

XSS Openemr
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-27491 MEDIUM PATCH This Month

Unauthorized user warnings in Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 can be issued by authenticated non-staff users due to a type coercion flaw in the post actions API endpoint. Attackers with valid login credentials can exploit this to send warnings meant only for staff moderators, though no data exposure or further privilege escalation occurs. No patch workaround is currently available.

Privilege Escalation Information Disclosure Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33238 MEDIUM PATCH This Month

The `listFiles.json.php` endpoint in AVideo accepts an unsanitized POST parameter `path` and passes it directly to PHP's `glob()` function without restricting traversal to an allowed base directory, enabling authenticated uploaders to enumerate `.mp4` files anywhere on the server filesystem. An attacker with the standard `canUpload` permission can discover private, premium, or access-controlled video files stored outside the intended upload directory by supplying arbitrary absolute paths, revealing both filenames and full filesystem paths that may aid further exploitation. A proof-of-concept is available demonstrating traversal from the web root to arbitrary locations such as `/var/private/premium-content/` and the root filesystem.

Path Traversal PHP
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2571 MEDIUM This Month

The Download Manager plugin for WordPress contains a missing capability check in the 'reviewUserStatus' function that allows authenticated subscribers and above to access sensitive user information without proper authorization. Affected versions include all releases up to and including 3.3.49, enabling attackers with minimal privileges to retrieve email addresses, display names, and registration dates for any user on the site. While the CVSS score of 4.3 is moderate and the vulnerability requires authentication, the ease of exploitation and the breadth of exposed personal data present a meaningful information disclosure risk for WordPress installations using this plugin.

WordPress Information Disclosure Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33393 MEDIUM This Month

A remote code execution vulnerability in Discourse (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3503 MEDIUM PATCH This Month

CVE-2026-3503 is a security vulnerability (CVSS 4.3) that allows a physical attacker. Remediation should follow standard vulnerability management procedures.

Information Disclosure Wolfssl Wolfcrypt
NVD GitHub VulDB
CVSS 4.0
4.3
EPSS
0.0%
CVE-2026-4068 MEDIUM This Month

The Add Custom Fields to Media WordPress plugin versions up to 2.0.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the field deletion functionality that allows unauthenticated attackers to delete arbitrary custom media fields. The vulnerability exists because the plugin validates nonces for the 'add field' operation but fails to validate nonces on the 'delete field' operation, which processes the $_GET['delete'] parameter directly. An attacker can exploit this by tricking a site administrator into clicking a malicious link, resulting in unauthorized deletion of custom media field configurations with no authentication required beyond social engineering.

WordPress CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-32099 MEDIUM This Month

Discourse's profile hiding feature fails to protect user bio, location, and website fields when accessed through onebox previews, allowing authenticated attackers to retrieve this information despite the `hide_profile` setting. An attacker can request a onebox preview of a hidden user's profile URL to bypass privacy controls and expose sensitive profile data. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, with no workarounds currently available.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27166 MEDIUM PATCH This Month

Insufficient sanitization of Codepen iframe parameters in Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows authenticated attackers to manipulate users into changing the main page URL through social engineering. The vulnerability requires user interaction and network access but has no available patch, making disabling Codepen embeds the recommended mitigation.

XSS Discourse
NVD GitHub VulDB
CVSS 3.1
4.1
EPSS
0.0%
CVE-2026-31991 LOW PATCH Monitor

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in Signal group allowlist enforcement where the system incorrectly accepts sender identities derived from direct message (DM) pairing-store approvals. An authenticated attacker with low privileges can exploit this boundary weakness by obtaining DM pairing approval, allowing them to bypass group allowlist checks and gain unauthorized access to Signal groups. While the CVSS score is moderate (3.7) and attack complexity is high, the vulnerability represents a direct authentication control bypass in a messaging security context, and patches are available from the vendor.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-32020 LOW PATCH Monitor

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads.

Path Traversal Openclaw
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-32006 LOW PATCH Monitor

CVE-2026-32006 is a security vulnerability (CVSS 3.1). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
3.1
EPSS
0.0%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy