Skip to main content
CVE-2019-25623 MEDIUM POC This Month

Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Luminance Studio
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25621 MEDIUM POC This Month

Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pixel Studio
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25625 MEDIUM POC This Month

Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Blob Studio
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25624 MEDIUM POC This Month

Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Liquid Studio
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25622 MEDIUM POC This Month

Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Paint Studio
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25620 MEDIUM POC This Month

Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tree Studio
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-4613 MEDIUM POC This Month

SQL injection in SourceCodester E-Commerce Site 1.0 through the Search parameter in /products.php enables unauthenticated remote attackers to read, modify, and delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available, putting all installations at immediate risk.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4612 MEDIUM POC This Month

SQL injection in the Free Hotel Reservation System 1.0 admin panel allows unauthenticated remote attackers to manipulate the account_id parameter and execute arbitrary SQL queries with potential for data theft, modification, and system disruption. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4581 MEDIUM POC This Month

SQL injection in Simple Laundry System 1.0's /checklogin.php parameter handler allows unauthenticated remote attackers to manipulate the Username field and execute arbitrary database queries. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, leaving affected PHP installations vulnerable to data theft and unauthorized access.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4580 MEDIUM POC This Month

SQL injection in Simple Laundry System 1.0's /checkupdatestatus.php parameter handler allows unauthenticated remote attackers to manipulate the serviceId argument and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available, creating immediate risk for affected deployments.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4579 MEDIUM POC This Month

SQL injection in Simple Laundry System 1.0 through the serviceId parameter in /viewdetail.php allows unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can exploit this to read or modify sensitive database information.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4594 MEDIUM POC This Month

SQL injection in Erupt up to version 1.13.3 allows unauthenticated remote attackers to execute arbitrary SQL queries through the sort.field parameter in the HQL query builder. Public exploit code exists for this vulnerability, and no patch is currently available. Affected Java applications using vulnerable versions of Erupt are at risk of data exfiltration and manipulation.

SQLi Java
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-23486 MEDIUM POC PATCH This Month

A publicly accessible endpoint in Blinko prior to version 1.8.4 discloses sensitive user information including usernames, roles, and account creation dates without requiring authentication, allowing unauthenticated attackers to enumerate all user accounts. This information disclosure vulnerability (CWE-200) affects Blinko versions below 1.8.4 and has been patched in the latest release. The vulnerability is remotely exploitable over the network with minimal attack complexity and no privilege requirements, making it a significant privacy and enumeration risk for deployed instances.

Information Disclosure Blinko
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-1969 MEDIUM POC PATCH This Month

The trx_addons WordPress plugin before version 2.38.5 contains an arbitrary file upload vulnerability in an AJAX action that fails to properly validate file types, allowing unauthenticated attackers to upload malicious files. This vulnerability represents an incomplete remediation of the previously disclosed CVE-2024-13448, meaning the original patch was insufficient. A public proof-of-concept exploit is available, and the vulnerability can lead to remote code execution or information disclosure depending on server configuration and file placement.

WordPress File Upload
NVD WPScan
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-23483 MEDIUM POC This Month

Blinko versions 1.8.3 and earlier contain a path traversal vulnerability in the plugin file server endpoint that fails to validate whether requested file paths remain within the plugins directory, enabling unauthenticated remote attackers to read arbitrary files. The vulnerability has a CVSS score of 5.3 and currently lacks a publicly available patch.

Path Traversal Blinko
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32852 MEDIUM POC PATCH This Month

MailEnable versions prior to 10.55 contain a reflected cross-site scripting (XSS) vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser without requiring authentication or special privileges. The vulnerability exists in the FreeBusy.aspx form where the StartDate parameter is not properly sanitized before being embedded into dynamically generated JavaScript, enabling attackers to inject malicious code through a crafted URL. A public proof-of-concept exploit is available, and a patch has been released by the vendor, making this a moderate-to-high priority issue for organizations running affected versions.

XSS Mailenable
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-32851 MEDIUM POC PATCH This Month

MailEnable versions prior to 10.55 contain a reflected cross-site scripting (XS) vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser without requiring authentication or special privileges. The vulnerability exists in the FreeBusy.aspx form where the Attendees parameter is not properly sanitized before being embedded into dynamically generated JavaScript, enabling attackers to craft malicious URLs that compromise user sessions and steal sensitive data. A public proof-of-concept exploit is available, increasing the practical risk to deployed MailEnable installations.

XSS Mailenable
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-32850 MEDIUM POC PATCH This Month

MailEnable versions prior to 10.55 contain a reflected cross-site scripting (XSS) vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL targeting the ManageShares.aspx form. The SelectedIndex parameter is not properly sanitized before being embedded into dynamically generated JavaScript, enabling attackers to inject and execute malicious code. A publicly available proof-of-concept exploit exists, and a patch has been released by the vendor.

XSS Mailenable
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-60948 MEDIUM POC PATCH This Month

Census CSWeb 8.0.1 contains a stored cross-site scripting (XSS) vulnerability in user-supplied fields that allows authenticated attackers to inject and persist malicious JavaScript code, which executes when victims access affected pages in their browsers. The vulnerability affects CSWeb versions prior to 8.1.0 alpha, and a public proof-of-concept exploit is available on GitHub, increasing real-world exploitation risk. While the CVSS score of 4.6 reflects moderate severity, the combination of authenticated access requirement, user interaction dependency, and published exploit code suggests this poses a meaningful but contained threat to Census CSWeb deployments.

XSS Csweb
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-32845 MEDIUM This Month

cgltf versions 1.15 and earlier are vulnerable to integer overflow in sparse accessor validation that enables local attackers to craft malicious glTF/GLB files triggering heap buffer over-reads. Exploitation causes denial of service through application crashes and may leak sensitive memory contents. No patch is currently available for this high-severity vulnerability (CVSS 8.4).

Denial Of Service Integer Overflow Cgltf
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-32279 MEDIUM PATCH This Month

A Server-Side Request Forgery (SSRF) vulnerability exists in the external page migration feature of the Page Management Plugin (Connect CMS), allowing authenticated attackers with page management screen access to make the server perform requests to internal destinations and disclose sensitive information. The vulnerability affects Connect CMS versions 1.x through 1.41.0 and 2.x through 2.41.0, with patches available in versions 1.41.1 and 2.41.1 respectively. With a CVSS score of 6.8 and moderate attack complexity requiring high privileges, this represents a real but bounded risk primarily to organizations running older plugin versions with administrative users who may be compromised or malicious.

SSRF Information Disclosure
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-33486 MEDIUM PATCH This Month

This vulnerability in Roadiz's DownloadedFile::fromUrl() method allows authenticated users with ROLE_ACCESS_DOCUMENTS to read arbitrary files from the server via PHP stream wrapper abuse, specifically by injecting file:// URIs into media import workflows. An attacker can extract sensitive files including .env configuration files, database credentials, and system files, achieving complete confidentiality compromise of the application and potentially the underlying infrastructure. A proof-of-concept exists demonstrating exploitation through malicious Podcast RSS feeds, and a patch is available from the vendor.

PHP SSRF Microsoft Privilege Escalation
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-31850 MEDIUM This Month

The Nexxt Solutions Nebula 300+ wireless router stores sensitive administrative credentials and WiFi pre-shared keys in plaintext within exported configuration backup files, enabling information disclosure through CWE-256 (Plaintext Storage of Password). This vulnerability affects firmware versions through 12.01.01.37 and allows an attacker who gains access to a backup file to immediately obtain full administrative and wireless network access without requiring cryptographic attacks. No CVSS score, EPSS data, or active KEV designation is currently available, but the plaintext credential exposure represents a critical risk for any environment relying on configuration backups.

Information Disclosure Nebula 300
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-32901 MEDIUM PATCH This Month

OpenClaw before version 2026.3.2 contains a semantic drift vulnerability in the node system.run approval hardening mechanism that allows attackers to manipulate wrapper command arguments (argv) to execute unintended local scripts. An attacker with local access, low privileges, and the ability to influence wrapper argv and place malicious files in the approved working directory can achieve arbitrary script execution by exploiting argv rewriting that bypasses the intended approved command enforcement. A patch is available from the vendor, and this vulnerability affects all OpenClaw versions prior to 2026.3.2.

Information Disclosure Openclaw
NVD GitHub
CVSS 3.1
6.7
CVE-2025-10736 MEDIUM This Month

The ReviewX plugin for WordPress contains an improper authorization vulnerability in the userAccessibility() function that allows unauthenticated attackers to bypass authentication checks and access protected REST API endpoints. Affected versions through 2.2.10 permit unauthorized extraction and modification of user data and plugin configuration, posing a direct threat to WooCommerce installations relying on this review management solution. With a CVSS score of 6.5 and network-based attack vector requiring no user interaction or privileges, this vulnerability presents a moderate-to-significant risk for any WordPress site using the affected plugin.

WordPress Authentication Bypass Google
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23487 MEDIUM PATCH This Month

An Insecure Direct Object Reference (IDOR) vulnerability in Blinko versions prior to 1.8.4 allows authenticated attackers to leak the superadmin token through the user.detail endpoint by manipulating user identifiers. This authentication bypass vulnerability has a CVSS score of 6.0 and affects the Blinko AI-powered note-taking application. A patch is available in version 1.8.4, and proof-of-concept information is available via the official GitHub security advisory.

Authentication Bypass Blinko
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-30886 MEDIUM PATCH This Month

An Insecure Direct Object Reference (IDOR) vulnerability exists in New API versions prior to 0.11.4-alpha.2, a large language model gateway and AI asset management system. Authenticated users can bypass authorization checks on the video proxy endpoint (GET /v1/videos/:task_id/content) to access video content belonging to other users and cause the server to authenticate to upstream AI providers (Google Gemini, OpenAI) using credentials derived from tasks they do not own. The vulnerability stems from a single unguarded function call that queries tasks by task_id alone without validating user ownership, contrasting sharply with all other task-lookup functions in the codebase that properly enforce ownership checks.

Google Authentication Bypass Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2412 MEDIUM This Month

The Quiz and Survey Master (QSM) WordPress plugin versions up to 10.3.5 contains a SQL injection vulnerability in the 'merged_question' parameter that allows authenticated attackers with Contributor-level access or higher to extract sensitive database information. The vulnerability exists because the plugin uses sanitize_text_field() which does not prevent SQL metacharacters from being injected into an SQL IN() clause, and the resulting query is not properly parameterized using $wpdb->prepare() or integer casting. With a CVSS score of 6.5 and network-based attack vector requiring only low privileges, this represents a moderate but real threat to WordPress installations using this plugin.

WordPress SQLi
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23484 MEDIUM This Month

Blinko versions 1.8.3 and earlier allow authenticated users to write arbitrary files to the filesystem through an unvalidated fileName parameter, exploiting a path traversal weakness. The vulnerability requires only basic user authentication and can be leveraged to place malicious files anywhere on the server, potentially leading to remote code execution or system compromise. No patch is currently available.

Path Traversal Blinko
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23481 MEDIUM PATCH This Month

Blinko, an AI-powered card note-taking application, contains an authenticated arbitrary file write vulnerability in the saveAdditionalDevFile function that allows attackers to write files to arbitrary locations on the system via path traversal. This vulnerability affects all versions prior to 1.8.4 and requires authentication to exploit. An attacker with valid credentials can abuse this flaw to overwrite critical application files, inject malicious code, or achieve remote code execution depending on file permissions and system configuration.

Path Traversal Blinko
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6229 MEDIUM This Month

The Sina Extension for Elementor plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability in the Fancy Text Widget and Countdown Widget that allows authenticated attackers with Contributor-level or higher privileges to inject arbitrary JavaScript into pages through insufficiently sanitized DOM attributes. When users visit pages containing the malicious widgets, the injected scripts execute in their browsers, potentially compromising session tokens, stealing sensitive data, or performing unauthorized actions on behalf of the victim. The vulnerability affects all versions up to and including 3.7.0, with a CVSS score of 6.4 indicating medium severity, though the impact is amplified by the stored nature of the XSS and the broad audience of WordPress sites using this popular page builder extension.

WordPress XSS Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-32911 MEDIUM PATCH This Month

Synology OpenClaw versions prior to 2026.2.24 contain an authorization bypass in the synology-chat channel plugin where misconfigured allowlist policies with empty user IDs fail to enforce access controls. Authenticated attackers with Synology sender privileges can exploit this flaw to send unauthorized messages through downstream agents and tools. A patch is available.

Authentication Bypass Synology
NVD GitHub
CVSS 3.1
6.4
CVE-2026-32900 MEDIUM PATCH This Month

OpenClaw before version 2026.2.22 contains an authorization bypass vulnerability in allowlist mode that allows attackers with high privileges to approve benign wrapped system.run commands and subsequently execute arbitrary commands without requiring additional approval on gateway and node-host execution flows. This vulnerability exploits allow-always persistence at the wrapper level to broaden trust boundaries beyond the initial approval scope. The vulnerability has a CVSS score of 6.4 with high impact on confidentiality, integrity, and availability, though exploitation requires high privilege level and user interaction.

Authentication Bypass Openclaw
NVD GitHub
CVSS 3.1
6.4
CVE-2026-28809 MEDIUM This Month

A SSRF vulnerability (CVSS 6.3) that allows an attacker. Remediation should follow standard vulnerability management procedures.

XXE SSRF Kubernetes
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-4587 MEDIUM This Month

HybridAuth versions up to 3.12.2 contain an improper certificate validation vulnerability in the SSL Handler component (src/HttpClient/Curl.php) where manipulation of curlOptions arguments bypasses SSL/TLS certificate verification. This affects any application using HybridAuth for authentication, allowing attackers to conduct man-in-the-middle attacks against remote authentication flows. While the CVSS score is relatively low (3.7) due to high attack complexity and lack of confidentiality impact, the integrity compromise from certificate validation bypass presents a real threat to authentication security in vulnerable deployments.

PHP Information Disclosure
NVD VulDB GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-30007 MEDIUM This Month

XnSoft NConvert version 7.230 contains a Use-After-Free vulnerability triggered by processing specially crafted TIFF files, which can lead to information disclosure and potential code execution. The vulnerability affects NConvert image conversion software and has been publicly documented with proof-of-concept code available on GitHub. An attacker can exploit this by providing a malicious TIFF file to an NConvert user or service, potentially causing a crash or unauthorized memory access.

Information Disclosure Memory Corruption Use After Free
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-30006 MEDIUM This Month

XnSoft NConvert version 7.230 contains a stack buffer overflow vulnerability triggered by specially crafted TIFF files, allowing an attacker to overwrite stack memory and potentially execute arbitrary code or cause denial of service. The vulnerability affects the image conversion functionality of NConvert, a widely-used command-line image conversion tool. A proof-of-concept exploit has been documented on GitHub (PassMoon/Nconvert_Vul), indicating public awareness and potential active exploitation risk.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-51226 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-33170 MEDIUM PATCH This Month

SafeBuffer's string formatting operator (%) in Ruby fails to preserve HTML safety flags when processing untrusted input, allowing attackers to inject malicious scripts that bypass ERB auto-escaping protections. An attacker can exploit this by providing crafted arguments to the % operator on a mutated SafeBuffer, causing the resulting string to be incorrectly marked as safe and potentially leading to cross-site scripting (XSS) attacks. A patch is available for affected applications.

XSS Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52204 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x where the customer.pl endpoint improperly handles the OTRSCustomerInterface parameter, allowing attackers to inject and execute arbitrary JavaScript in the context of victim browsers. This affects Znuny ITSM versions in the 6.5.x release line, and a proof-of-concept exploit has been publicly disclosed on GitHub, indicating active awareness and potential exploitation capability in the threat landscape.

XSS N A
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-4647 MEDIUM PATCH This Month

A specially crafted XCOFF object file can trigger an out-of-bounds memory read in the GNU Binutils BFD library due to improper validation of relocation type values. This affects Red Hat Enterprise Linux versions 6 through 10 and Red Hat OpenShift Container Platform 4, potentially allowing local attackers with user interaction to crash affected tools or disclose sensitive memory contents. While not currently listed in CISA KEV as actively exploited, the vulnerability is tracked across Red Hat, Sourceware, and Bugzilla with upstream references indicating visibility and likely patch development.

Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +3
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-3635 MEDIUM PATCH This Month

Fastify versions 5.8.2 and earlier contain a header spoofing vulnerability in the trustProxy implementation where the request.protocol and request.host getters incorrectly trust X-Forwarded-Proto and X-Forwarded-Host headers even from untrusted connections when a restrictive trust function is configured. An attacker who can connect directly to a Fastify instance (bypassing the intended proxy) can spoof protocol and host values, potentially bypassing HTTPS enforcement, manipulating secure cookie behavior, and defeating CSRF origin checks. This vulnerability affects applications relying on these headers for security decisions and has a CVSS score of 6.1 with adjacent attack vector and high complexity, indicating moderate real-world exploitability.

CSRF Red Hat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-32903 MEDIUM PATCH This Month

OpenClaw before version 2026.3.2 contains a symlink traversal vulnerability in the stageSandboxMedia function that allows local attackers with limited privileges to overwrite arbitrary files outside the intended sandbox workspace. By exploiting unvalidated destination paths in media/inbound write operations, an attacker can follow symlinks to modify host files beyond sandbox boundaries, resulting in integrity compromise and potential system availability impact. A patch is available from the vendor.

Information Disclosure Openclaw
NVD GitHub
CVSS 3.1
6.1
CVE-2026-27646 MEDIUM PATCH This Month

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn slash-command that allows authorized sandboxed users to initialize host-side ACP runtime and bypass sandbox restrictions. An attacker with low privileges and sandboxed chat access can invoke the vulnerable command to cross from isolated chat context into unrestricted host-side ACP session initialization when ACP is enabled, potentially escalating their capabilities beyond intended boundaries. The vulnerability has been assigned a CVSS score of 5.3 (medium severity) with a published patch available from the vendor.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-32912 MEDIUM PATCH This Month

OpenClaw versions 2026.2.26 through 2026.3.0 contain a current working directory (CWD) injection vulnerability in the Windows wrapper resolution mechanism for .cmd and .bat files, allowing attackers with local access to manipulate CWD and achieve command execution with integrity compromise. An attacker with local privileges can alter the working directory to inject malicious wrapper scripts that execute instead of legitimate ones, bypassing command execution controls. The vulnerability requires local access and moderate complexity but enables high-integrity impact; no active KEV or widespread exploitation has been reported, but proof-of-concept details are documented in vendor security advisories.

Code Injection Microsoft Windows
NVD GitHub
CVSS 3.1
5.8
CVE-2026-32047 MEDIUM PATCH This Month

OpenClaw before version 2026.2.22 contains a critical allowlist bypass vulnerability in the system.run function that allows authenticated local attackers to execute arbitrary commands by circumventing security controls. An attacker with local access and low privileges can inject shell line-continuation sequences and command substitution syntax within double quotes to fold malicious payloads into executable subcommands, effectively bypassing the intended command allowlist. This vulnerability enables privilege escalation and arbitrary code execution on affected systems.

Authentication Bypass Openclaw
NVD GitHub
CVSS 3.1
5.8
CVE-2026-28483 MEDIUM PATCH This Month

OpenClaw before version 2026.3.2 contains a race condition vulnerability in its ZIP extraction functionality that allows local attackers with limited privileges to write arbitrary files outside the intended extraction directory. The vulnerability exploits a time-of-check-time-of-use (TOCTOU) gap in src/infra/archive.ts where an attacker can rebind parent directory symlinks between path validation and file write operations, enabling directory traversal and potential code execution. A patch is available from the vendor, and this vulnerability requires local access with user-level privileges to exploit, making it a moderate-severity concern for systems where untrusted users can extract archives.

Information Disclosure Openclaw
NVD GitHub
CVSS 3.1
5.8
CVE-2026-28455 MEDIUM PATCH This Month

OpenClaw before version 2026.2.22 contains an allowlist bypass vulnerability in its system.run exec analysis functionality that fails to properly unwrap environment variable and shell-dispatch wrapper chains. Attackers with local access and limited privileges can exploit this to route command execution through wrapper binaries such as env or bash, allowing them to smuggle payloads past the intended allowlist restrictions. This vulnerability enables privilege escalation and integrity compromise on affected systems.

Authentication Bypass Openclaw
NVD GitHub
CVSS 3.1
5.8
CVE-2026-27131 MEDIUM PATCH This Month

The Sprig Plugin for Craft CMS contains an information disclosure vulnerability that allows authenticated admin users and those with explicit Sprig Playground access to expose sensitive configuration data including security keys and credentials, as well as invoke the hashData() signing function. Affected versions include 2.0.0 through 2.15.1 and 3.0.0 through 3.15.1, with patches released in versions 2.15.2 and 3.15.2 that disable the Sprig Playground by default when devMode is disabled. This is not currently tracked as an actively exploited vulnerability in public KEV databases, though proof-of-concept code may exist in the referenced GitHub security advisory and commits.

Information Disclosure Craft Sprig
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-29111 MEDIUM PATCH This Month

systemd (PID 1) contains a denial-of-service vulnerability triggered by malformed IPC API calls from unprivileged users that causes the service manager to assert and freeze. On versions v249 and earlier, the same vulnerability manifests as stack buffer overwriting with attacker-controlled data, potentially enabling code execution; versions v250 and newer include a safety check that converts this to a non-exploitable assertion failure. The vulnerability affects systemd versions v239 through v259 (with patched versions 260-rc1, 259.2, 258.5, and 257.11 available), impacting all Linux distributions using affected systemd builds including multiple Ubuntu releases tracked at medium priority.

Privilege Escalation Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy