Skip to main content
CVE-2025-71257 MEDIUM POC PATCH This Month

BMC FootPrints ITSM contains an authentication bypass vulnerability allowing unauthenticated remote attackers to access restricted REST API endpoints and servlets without proper authorization. Affected versions range from 20.20.02 through 20.24.01.001, enabling attackers to invoke restricted functionality, access application data, and modify system resources. A public proof-of-concept exploit has been published by watchTowr Labs demonstrating pre-authentication remote code execution chains, significantly elevating the real-world risk.

Authentication Bypass Footprints
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-71259 MEDIUM POC This Month

BMC FootPrints ITSM contains a blind server-side request forgery (SSRF) vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Affected versions range from 20.20.02 through 20.24.01.001, and attackers can exploit insufficient validation of externally supplied resource references to interact with internal services or cause resource exhaustion impacting availability. The vulnerability carries a CVSS score of 4.3 with low complexity and low attack vector, requiring only authentication; no active exploitation in the wild has been confirmed, but the disclosure references suggest potential chaining with pre-authentication RCE vectors documented by security researchers.

SSRF Denial Of Service Footprints Itsm
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-71258 MEDIUM POC PATCH This Month

A blind server-side request forgery (SSRF) vulnerability exists in the searchWeb API component of BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001, allowing authenticated attackers to cause the server to initiate arbitrary outbound requests through improper URL validation. Attackers can exploit this to perform internal network scanning or interact with internal services, potentially impacting system availability and confidentiality. A publicly available proof-of-concept exists, and vendor patches are available.

SSRF Footprints
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33397 MEDIUM PATCH This Month

Open Redirect in Angular SSR allows remote attackers to bypass redirect validation through a single backslash character in the X-Forwarded-Prefix header, causing browsers to interpret the malformed URL as a protocol-relative redirect to attacker-controlled domains. This vulnerability affects Angular SSR applications deployed behind proxies and represents an incomplete fix for a prior open redirect issue. An attacker can craft requests to redirect authenticated users away from the legitimate application without user interaction.

Open Redirect
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
5.0%
CVE-2026-3849 MEDIUM This Month

Stack buffer overflow in wolfSSL 5.8.4's ECH (Encrypted Client Hello) implementation allows remote attackers to crash TLS clients or achieve code execution by sending a maliciously crafted ECH configuration. The vulnerability affects clients that have explicitly enabled ECH support, which is disabled by default. An attacker controlling a TLS server can exploit this remotely without authentication or user interaction.

Buffer Overflow Memory Corruption Wolfssl
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-33332 MEDIUM PATCH This Month

NiceGUI's media file serving functions fail to validate user-supplied query parameters used in range-response handling, allowing attackers to bypass streaming protections and force servers to load entire files into memory simultaneously. Applications using app.add_media_file() or app.add_media_files() to serve large media content are vulnerable to denial of service through memory exhaustion and performance degradation when handling concurrent malicious requests. No patch is currently available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-32041 MEDIUM PATCH GHSA This Month

OpenClaw versions prior to 2026.3.1 contain an authentication bypass vulnerability where failed authentication bootstrap during startup leaves browser-control routes accessible without credentials. An attacker with local process access or ability to reach the application via loopback SSRF can exploit this to access sensitive browser-control functionality including code evaluation capabilities without valid authentication. This is a moderate-risk vulnerability with a CVSS score of 6.9 and realistic exploitation potential for local/SSRF-capable threats.

SSRF Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
6.9
EPSS
0.0%
CVE-2026-32007 MEDIUM PATCH GHSA This Month

OpenClaw versions before 2026.2.23 allow authenticated users with sandbox access to bypass workspace restrictions through a path traversal flaw in the apply_patch tool, enabling arbitrary file modification on the system. The vulnerability stems from inconsistent validation of mounted paths outside the workspace directory, permitting attackers to write to writable mounts beyond the intended sandbox boundaries. No patch is currently available for this MEDIUM severity issue.

Path Traversal Openclaw
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-32005 MEDIUM PATCH GHSA This Month

OpenClaw versions prior to 2026.2.25 contain an authorization bypass vulnerability in interactive callback handlers (block_action, view_submission, view_closed) that allows authenticated but unauthorized workspace members to bypass sender authorization checks and enqueue arbitrary system events into active sessions. This affects shared workspace deployments where multiple users with varying permission levels coexist, enabling privilege escalation and information disclosure attacks without requiring elevated privileges or user interaction.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-29608 MEDIUM PATCH This Month

OpenClaw 2026.3.1 contains an approval integrity bypass vulnerability in the system.run node-host execution feature where attackers can rewrite command-line arguments (argv) to change the semantics of operator-approved commands. An authenticated local attacker with low privileges can place malicious scripts in the working directory to execute unintended code despite the operator approving different command text, resulting in high-impact confidentiality, integrity, and availability violations. A patch is available from the vendor, and no public exploit code has been widely reported, but the vulnerability represents a critical trust boundary violation in approval workflows.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-32003 MEDIUM PATCH GHSA This Month

OpenClaw versions before 2026.2.22 allow high-privileged attackers to execute arbitrary shell commands by injecting malicious environment variables into the system.run function, bypassing the intended command allowlist protections. By exploiting bash xtrace expansion through SHELLOPTS and PS4 variables, an attacker with request-scoped environment variable access can achieve code execution beyond the restricted command set. No patch is currently available for this command injection vulnerability.

Command Injection Openclaw
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-4426 MEDIUM PATCH This Month

Libarchive fails to properly validate the pz_log2_bs field in ISO9660 Rock Ridge extensions during zisofs decompression, allowing remote attackers to supply a crafted ISO file that triggers undefined behavior and causes denial-of-service through incorrect memory allocation and application crashes. The vulnerability requires user interaction (ISO file opening) but no authentication, affects libarchive across multiple distributions, and carries a moderate EPSS score (0.11%, 30th percentile) suggesting low current exploitation probability despite the moderate CVSS severity.

Denial Of Service Libarchive Hardened Images Openshift Container Platform Enterprise Linux
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-26120 MEDIUM PATCH This Month

Microsoft Bing contains a server-side request forgery vulnerability that enables unauthenticated remote attackers to manipulate network communications and access sensitive information. An attacker can exploit this flaw without user interaction to retrieve confidential data or cause service disruption. No patch is currently available.

SSRF Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-26136 MEDIUM PATCH This Month

Microsoft Copilot is vulnerable to command injection through improper neutralization of special elements in user input, allowing an unauthenticated attacker to execute arbitrary commands and disclose sensitive information over the network. The vulnerability affects Microsoft Copilot (version details unspecified in available advisories) and requires user interaction to trigger. While no public proof-of-concept or active exploitation in the wild has been confirmed in the provided intelligence, the moderate CVSS score of 6.5 with high confidentiality impact warrants prompt patching.

Command Injection Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25928 MEDIUM PATCH This Month

Improper path sanitization in OpenEMR's DICOM export feature prior to version 8.0.0.2 allows authenticated users with DICOM permissions to write arbitrary files outside the intended directory through path traversal sequences. An attacker could exploit this to place malicious PHP files within the web root, potentially achieving remote code execution. The vulnerability requires valid credentials but poses significant risk to systems containing sensitive healthcare data.

PHP RCE Path Traversal
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-32036 MEDIUM PATCH GHSA This Month

OpenClaw gateway plugin versions before 2026.2.26 allow remote attackers to bypass authentication by exploiting path traversal in the /api/channels endpoint through encoded dot-segment sequences. Attackers can manipulate these paths to access protected plugin routes that should be restricted, gaining unauthorized access to sensitive channel functionality. No patch is currently available for this medium-severity vulnerability.

Path Traversal Openclaw
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-32026 MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability (CWE-22: Path Traversal) in sandbox media handling that allows attackers with low privileges to read and exfiltrate arbitrary files from the host temporary directory. An authenticated attacker can exploit this by crafting malicious media references delivered through attachment mechanisms, bypassing sandbox isolation to access sensitive files outside the intended sandbox root. No active exploitation in the wild (KEV status unknown), but proof-of-concept code references are available in GitHub commit history.

Path Traversal Openclaw
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-32004 MEDIUM PATCH GHSA This Month

OpenClaw prior to version 2026.3.2 allows unauthenticated attackers to bypass authentication controls on the /api/channels endpoint through path canonicalization mismatches, enabling access to protected API resources. The vulnerability exploits inconsistent handling of multi-encoded slash characters (%2f variants) between authentication checks and route processing. No patch is currently available, and exploitation requires only network access with no user interaction.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-67115 MEDIUM This Month

A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the...

Path Traversal
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-26940 MEDIUM This Month

A Denial of Service vulnerability exists in Kibana's Timelion visualization plugin that allows authenticated users to trigger excessive memory allocation through improper validation of specially crafted Timelion expressions. An attacker with valid Kibana credentials can overwrite internal series data properties with excessively large quantity values, causing the application to exhaust system resources and become unavailable. This is a network-accessible vulnerability requiring low privileges with a CVSS score of 6.5 and documented as a confirmed denial-of-service attack vector affecting multiple active Kibana versions.

Denial Of Service Elastic Red Hat
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14716 MEDIUM PATCH This Month

An improper authentication vulnerability in Secomea GateManager's webserver modules allows authenticated users to bypass authentication controls and access resources they should not be permitted to access. This affects GateManager version 11.4.0 and potentially other versions within the 11.4 release line. An attacker with valid login credentials can exploit this flaw to gain unauthorized access to sensitive information, achieving high confidentiality impact without modifying data or degrading availability.

Authentication Bypass Gatemanager
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27935 MEDIUM PATCH This Month

A remote code execution vulnerability in Discourse (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27397 MEDIUM This Month

An authorization bypass vulnerability in Really Simple Security Pro versions through 9.5.4.0 allows unauthenticated attackers to exploit incorrectly configured access control through user-controlled keys, resulting in integrity and availability impacts. The vulnerability is classified as CWE-639 (Authorization Bypass Through User-Controlled Key) with a CVSS score of 6.5, indicating medium severity with network-based attack vector requiring no privileges or user interaction. Patchstack has documented this issue affecting the Really Simple Plugins B.V. Really Simple Security Pro WordPress plugin, though active exploitation status and POC availability from public sources require verification against current threat intelligence feeds.

Authentication Bypass Really Simple Security Pro
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2369 MEDIUM PATCH This Month

libsoup versions prior to the patched release contain an integer underflow vulnerability in zero-length resource processing that enables unauthenticated remote attackers to read adjacent memory or trigger denial of service. The vulnerability stems from improper bounds checking during content handling, affecting any application using the vulnerable libsoup library for HTTP operations. No public exploit code has been identified, and the low EPSS score (0.04%, percentile 11%) indicates exploitation is unlikely in practice despite the moderate CVSS score of 6.5.

Denial Of Service Integer Overflow Libsoup
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-62043 MEDIUM This Month

A DOM-based cross-site scripting (XSS) vulnerability exists in WPSight WPCasa WordPress plugin versions through 1.4.1, allowing authenticated attackers to inject malicious JavaScript that executes in users' browsers. The vulnerability stems from improper neutralization of user input during web page generation, enabling an attacker with login credentials to craft malicious payloads that execute in the context of other users' sessions. With a CVSS score of 6.5 and network-accessible attack vector requiring only user interaction, this vulnerability poses a moderate risk to WordPress installations using affected WPCasa versions, particularly those managing real estate listings where authenticated users have content creation privileges.

XSS Wpcasa
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33355 MEDIUM This Month

A post-type visibility filtering bypass in Discourse's `/private-posts` endpoint allows authenticated users with access to private message (PM) topics to view whisper posts that should be restricted to specific recipients. This information disclosure vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, and requires only low-privilege user authentication to exploit. No active exploitation in the wild has been reported, but patches are available from the vendor.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32008 MEDIUM PATCH This Month

OpenClaw versions before 2026.2.21 allow authenticated users with browser-tool access to bypass URL scheme validation and navigate to file:// URLs, enabling local file exfiltration through browser snapshot and extraction features. An attacker with valid credentials could read sensitive files accessible to the OpenClaw process and extract them from the system. No patch is currently available.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33304 MEDIUM PATCH This Month

An authorization bypass vulnerability in OpenEMR versions prior to 8.0.0.2 allows authenticated non-administrator users to access reminder messages and associated patient information belonging to other users by manipulating GET request parameters. Any authenticated user can view sensitive data including patient names and message content from arbitrary user accounts without proper authorization checks. This vulnerability has a CVSS score of 6.5 (Medium) with high confidentiality impact but no integrity or availability impact, and a proof-of-concept has been published via the GitHub security advisory.

Authentication Bypass Openemr
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-32223 MEDIUM This Month

An authorization bypass vulnerability exists in Themeum Tutor LMS through version 3.9.4 that allows authenticated users to access resources they should not have permission to view through user-controlled keys in the access control mechanism. This Insecure Direct Object Reference (IDOR) vulnerability affects all Tutor LMS installations up to and including version 3.9.4, enabling an attacker with low privileges to read sensitive data by manipulating object identifiers. The vulnerability has a CVSS score of 6.5 reflecting moderate severity with high confidentiality impact, and while no KEV or widespread POC exploitation has been publicly confirmed, the attack requires only network access and valid authentication credentials.

Authentication Bypass Tutor Lms
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32818 MEDIUM PATCH This Month

Admidio versions 5.0.0 through 5.0.6 contain an authorization bypass vulnerability in the forum module that allows any authenticated user to permanently delete forum topics and posts without proper permission checks. An attacker with basic forum access can delete any topic or post by knowing its UUID, which is publicly visible in URLs, completely circumventing the authorization controls that are properly enforced in edit/save operations. This vulnerability was fixed in version 5.0.7, and exploitation requires only low privileges (authenticated user status) with no user interaction.

PHP CSRF Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25744 MEDIUM PATCH This Month

OpenEMR versions prior to 8.0.0.2 contain an authorization bypass vulnerability in the encounter vitals API that allows authenticated users with encounters/notes permissions to overwrite any patient's vital signs by supplying another patient's vital ID in the request body. This constitutes medical record tampering with integrity implications rated CVSS 6.5. No evidence of active exploitation in KEV or public POC availability was identified in the provided intelligence, though the vulnerability is straightforward to exploit given valid API credentials.

Authentication Bypass Openemr
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-26939 MEDIUM This Month

Kibana's Detection Rule Management lacks proper authorization controls, allowing authenticated users with rule management privileges to configure unauthorized endpoint response actions including host isolation and process termination. An attacker with these privileges could exploit this missing access control to execute sensitive endpoint operations beyond their intended scope. No patch is currently available for this medium-severity vulnerability affecting Elastic products.

Elastic Authentication Bypass Red Hat
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33283 MEDIUM PATCH This Month

Ella Core contains a null pointer dereference vulnerability (CWE-476) that causes the process to panic when processing malformed UL NAS Transport NAS messages that lack a Request Type field, particularly when no SM Context is present. An attacker with network access and minimal privileges can send crafted NAS messages to trigger this crash, resulting in complete denial of service for all connected subscribers without requiring authentication. The CVSS 6.5 score reflects the high availability impact, though the requirement for low privileges (PR:L) and network-only access (AV:N) constrains the overall severity.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32743 MEDIUM This Month

Stack-based buffer overflow in PX4 autopilot versions 1.17.0-rc2 and below allows attackers with MAVLink link access to crash the flight controller by exploiting an unconstrained sscanf operation in the MavlinkLogHandler. An attacker can trigger this by creating deeply nested directories via MAVLink FTP and then requesting the log list, causing the MAVLink task to crash and resulting in loss of telemetry and command capability. This denial of service affects drone and unmanned vehicle systems relying on vulnerable PX4 versions.

Buffer Overflow Denial Of Service Stack Overflow IoT
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33281 MEDIUM PATCH This Month

Ella Core contains an input validation flaw that causes the process to panic when receiving NGAP messages with PDU Session IDs outside the valid range of 1-15, enabling unauthenticated attackers to trigger denial of service affecting all connected subscribers. The vulnerability (CWE-129: Improper Validation of Array Index) carries a CVSS score of 6.5 with network-level attack vector and low complexity, though it requires low privilege context according to the vector string. No active exploitation in the wild has been confirmed, but the straightforward nature of crafting malformed NGAP messages means proof-of-concept development is feasible.

Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28282 MEDIUM PATCH This Month

A remote code execution vulnerability in Discourse (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33314 MEDIUM PATCH This Month

A Host Header Spoofing vulnerability in the @local_check decorator of pyload-ng allows unauthenticated external attackers to bypass local-only IP address restrictions on the Click'N'Load API endpoints by sending a crafted HTTP Host header. This authentication bypass enables remote attackers to queue arbitrary downloads on the affected pyload instance, leading to Server-Side Request Forgery (SSRF) attacks against internal or external systems and Denial of Service through resource exhaustion. A proof-of-concept exploit exists in the form of a simple curl command that demonstrates immediate exploitability without user interaction.

Authentication Bypass Denial Of Service Python SSRF
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33323 MEDIUM PATCH This Month

Email verification resend endpoints in the Pages and legacy PublicAPI routes leak information about valid usernames through distinguishable responses, enabling unauthenticated attackers to enumerate active accounts. The default `emailVerifySuccessOnInvalidEmail` configuration option, which mitigates this issue, was not applied to these specific routes. A patch is available that extends the protection to both routes.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
1.0%
CVE-2026-4120 MEDIUM This Month

The Info Cards - Add Text and Media in Card Layouts WordPress plugin versions up to 2.0.7 contains a Stored Cross-Site Scripting vulnerability in the 'btnUrl' parameter of the Info Cards block that allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript code. The vulnerability exists because the plugin fails to validate URL protocols (specifically javascript: schemes) on the server side, and the client-side rendering directly inserts unsanitized URLs into anchor href attributes, enabling script execution when users click the malicious button links. While there is no indication of active KEV exploitation, the low attack complexity and low privilege requirements make this a practical threat in multi-author WordPress environments.

WordPress PHP XSS
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4006 MEDIUM This Month

{{author+link}} template tag when no author URL is present, which will execute whenever users visit pages containing the [drafts] shortcode. The vulnerability has a CVSS score of 6.4 with a network attack vector and low attack complexity, requiring only low-level privileges.

WordPress XSS
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-33320 MEDIUM PATCH This Month

The dasel YAML reader contains an unbounded alias expansion vulnerability (CWE-674) that allows attackers to trigger extreme CPU and memory consumption through specially crafted YAML documents. Affected versions include dasel v3.0.0 through v3.3.1 and the current default branch. An attacker who can supply YAML input-via CLI, file processing, or library usage-can cause denial of service with a malicious 342-byte payload that fails to complete within 5 seconds and exhibits unbounded resource growth, as demonstrated by the provided proof-of-concept.

Denial Of Service Apple macOS Suse
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
1.0%
CVE-2026-31999 MEDIUM PATCH This Month

OpenClaw versions prior to 2026.3.1 contain a current working directory (cwd) injection vulnerability in Windows wrapper resolution for .cmd/.bat files that allows local attackers to manipulate command execution through directory control during shell fallback mechanisms. An authenticated local attacker with low privileges can exploit this vulnerability to achieve command execution integrity loss by controlling the working directory, potentially leading to unauthorized code execution or privilege escalation. While no active in-the-wild exploitation has been reported in KEV databases, the vulnerability is documented with a proof-of-concept available through the vendor's security advisory on GitHub.

Command Injection Microsoft Openclaw Windows
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-33347 MEDIUM PATCH This Month

Mozilla's Embed extension contains a domain allowlist bypass in the DomainFilteringAdapter due to insufficient hostname boundary validation in its regex pattern, allowing attacker-controlled domains like youtube.com.evil to pass validation checks for youtube.com. This vulnerability enables Server-Side Request Forgery attacks via the OscaroteroEmbedAdapter to probe internal services, and Cross-Site Scripting attacks through unsanitized oEmbed HTML responses returned by compromised domains. No patch is currently available for this medium-severity flaw.

XSS SSRF Mozilla
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-28449 MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.25 suffer from a webhook replay vulnerability where valid signed Nextcloud Talk webhook requests lack durable replay state suppression, allowing attackers to capture and replay previously legitimate signed requests to trigger duplicate inbound message processing. This can result in message duplication, data integrity issues, and potential availability degradation. While the CVSS score of 4.8 is moderate, the attack requires no authentication and can be executed over the network with medium complexity, making it a viable attack vector for threat actors with network visibility to webhook traffic.

Information Disclosure Nextcloud
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-27091 MEDIUM This Month

UiPress Lite versions through 3.5.09 contain a missing authorization vulnerability (CWE-862) that allows authenticated users to exploit incorrectly configured access control security levels, enabling privilege escalation or unauthorized resource access. An attacker with low-level user credentials can bypass authorization checks to access or modify functionality restricted to higher-privilege roles. The vulnerability has a CVSS score of 6.3 with network-based attack vector requiring only low privileges, indicating moderate real-world exploitability.

Authentication Bypass Uipress Lite
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-32028 MEDIUM PATCH This Month

A remote code execution vulnerability (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-32021 MEDIUM PATCH This Month

CVE-2026-32021 is a security vulnerability (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-32010 MEDIUM PATCH This Month

OpenClaw versions before 2026.2.22 allow local authenticated attackers to bypass the safe-bin allowlist by exploiting sort's --compress-program flag, enabling execution of arbitrary programs despite allowlist restrictions. This command injection vulnerability affects deployments using safe-bin configuration with ask=on-miss mode enabled, permitting unauthorized code execution without operator approval.

Command Injection Openclaw
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-32029 MEDIUM PATCH This Month

CVE-2026-32029 is a security vulnerability (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Code Injection Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-36051 MEDIUM PATCH This Month

IBM QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14 contain an information disclosure vulnerability where sensitive configuration data is stored in plaintext or insufficiently protected files readable by unprivileged local users. An attacker with local filesystem access can read these configuration files to extract sensitive information such as credentials, API keys, or system parameters, potentially enabling lateral movement or further compromise of the SIEM infrastructure. A patch is available from IBM, and this vulnerability should be prioritized for organizations running affected QRadar versions as SIEM systems are high-value targets.

IBM Information Disclosure
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy