Skip to main content
CVE-2026-0560 HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) in parisneo/lollms versions before 2.2.0 allows unauthenticated remote attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints via the `/api/files/export-content` endpoint. The vulnerability stems from insufficient URL validation in the `_download_image_to_temp()` function, enabling internal network reconnaissance, access to cloud instance metadata (AWS/GCP/Azure), and potential remote code execution through server-side exploitation chains. EPSS data not available; no public exploit identified at time of analysis. Vendor-released patch available in commit 76a54f0 and version 2.2.0.

SSRF RCE Information Disclosure Lollms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-5046 HIGH POC This Week

Stack-based buffer overflow in Tenda FH1201 router firmware 1.2.0.14(408) allows authenticated remote attackers to execute arbitrary code or cause denial of service via crafted 'GO' parameter to the /goform/WrlExtraSet endpoint. CVSS 8.8 reflects high impact but requires low-privilege authentication (PR:L). Publicly available exploit code exists, demonstrating concrete exploitability. EPSS data not provided, but the combination of available POC and network accessibility elevates real-world risk for internet-exposed devices with default or weak credentials.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5045 HIGH POC This Week

Stack-based buffer overflow in Tenda FH1201 router (v1.2.0.14) enables remote authenticated attackers to execute arbitrary code via the WrlclientSet function. Exploitation requires only low-privilege credentials (CVSS PR:L) and has low attack complexity (AC:L), with publicly available exploit code on GitHub. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability. No vendor patch identified at time of analysis, creating urgent risk for deployed devices.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5036 HIGH POC This Week

Stack-based buffer overflow in Tenda 4G06 router firmware version 04.06.01.29 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromDhcpListClient function accessible via the /goform/DhcpListClient endpoint, triggered by manipulating the 'page' parameter. Publicly available exploit code exists (GitHub PoC published), significantly lowering the barrier to exploitation. CVSS 8.8 (High) reflects network-based attack vector with low complexity, though low-privilege authentication is required. Not currently listed in CISA KEV, indicating no confirmed widespread active exploitation at time of analysis.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5021 HIGH POC This Week

Stack-based buffer overflow in Tenda F453 router firmware 1.0.0.3 allows authenticated remote attackers to execute arbitrary code or crash the device via the PPTP user configuration interface. The vulnerability resides in the fromPPTPUserSetting function within the httpd component, triggered by manipulating the 'delno' parameter. Publicly available exploit code exists (GitHub), significantly lowering exploitation barriers. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability, though authentication is required (PR:L). EPSS data not provided, but public POC availability elevates real-world risk for exposed management interfaces.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5024 HIGH POC Monitor

Stack-based buffer overflow in D-Link DIR-513 1.10 router's email configuration interface allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability affects the formSetEmail function via manipulation of the curTime parameter. Publicly available exploit code exists on GitHub, significantly lowering the exploitation barrier. CRITICAL LIMITATION: This product reached end-of-life and receives no security updates from D-Link, making this a permanent risk for deployed devices. CVSS 8.8 with low attack complexity and CVSS:3.1 Exploit Maturity 'Proof-of-Concept' confirms immediate exploitability.

D-Link Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5044 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1122 router version 1.00.33 allows authenticated remote attackers to achieve full system compromise via the formSetSystemSettings endpoint. The vulnerability resides in the Setting Handler component's webpage parameter processing. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation. With CVSS 8.8 (High) severity and low attack complexity, this represents a critical risk to affected devices, though no active exploitation has been confirmed by CISA KEV at time of analysis.

Buffer Overflow Stack Overflow F9k1122
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5043 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1122 router (firmware 1.00.33) enables authenticated remote attackers to achieve complete system compromise via the formSetPassword endpoint. The vulnerability affects the Parameter Handler component and permits code execution with high impact to confidentiality, integrity, and availability. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation. Vendor non-responsive to disclosure, indicating no official patch is available.

Buffer Overflow Stack Overflow F9k1122
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5042 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1122 router firmware 1.00.33 allows authenticated remote attackers to achieve arbitrary code execution via the formCrossBandSwitch parameter handler. Exploitation requires low-privilege authentication but no user interaction, with publicly available exploit code confirming proof-of-concept viability. EPSS data not available, but the combination of network attack vector, low complexity (AC:L), and public exploit represents elevated risk for internet-exposed devices. Vendor unresponsive to disclosure, indicating no official patch timeline.

Buffer Overflow Stack Overflow F9k1122
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-34005 HIGH This Week

Remote code execution with root privileges affects Xiongmai DVR/NVR devices (models AHB7008T-MH-V2 and NBD7024H-P running firmware 4.03.R11) via authenticated OS command injection through the proprietary DVRIP protocol on TCP port 34567. Low-privileged authenticated attackers can inject shell metacharacters into the HostName parameter of NetWork.NetCommon configuration requests, achieving full system compromise due to unsafe system() function usage. CVSS 8.8 (High) with network attack vector and low complexity; no public exploit identified at time of analysis.

Command Injection
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-32974 HIGH PATCH GHSA This Week

Authentication bypass in OpenClaw's Feishu webhook integration (pre-2026.3.12) allows unauthenticated remote attackers to inject forged events and trigger arbitrary downstream tool execution. The vulnerability occurs when administrators configure only verificationToken without encryptKey, enabling attackers to craft malicious webhook payloads that bypass validation. No public exploit identified at time of analysis, though CVSS 8.8 reflects network accessibility (AV:N), zero complexity (AC:L), and no privileges required (PR:N).

Authentication Bypass Jwt Attack
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-32973 HIGH PATCH This Week

Execution allowlist bypass in OpenClaw (versions prior to 2026.3.11) enables unauthenticated remote attackers to execute arbitrary commands by exploiting improper pattern normalization in matchesExecAllowlistPattern. The vulnerability stems from lowercasing and overly permissive glob matching logic that incorrectly allows the ? wildcard to match across POSIX path segments, circumventing intended security restrictions. No public exploit identified at time of analysis, though CVSS 8.8 severity reflects network-accessible attack vector with no authentication required and high integrity/availability impact.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-4946 HIGH PATCH This Week

Command injection in NSA Ghidra (versions before 12.0.3) executes arbitrary commands when analysts click on maliciously crafted binary comments. Attackers embed @execute annotation directives in binary data (e.g., CFStrings in Mach-O files) that Ghidra auto-extracts and renders as clickable UI elements, bypassing the intended trust boundary for user-authored annotations. No public exploit identified at time of analysis, though the attack vector is well-documented in vendor advisory. EPSS data not available; CVSS 8.8 reflects high impact contingent on user interaction with a weaponized binary file.

Command Injection Ghidra
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-32980 HIGH PATCH GHSA This Week

Resource exhaustion in OpenClaw webhook endpoint allows remote attackers to consume server memory and processing resources via unauthenticated Telegram webhook POST requests. OpenClaw versions prior to 2026.3.13 process and buffer entire request bodies before validating authentication tokens, enabling denial-of-service attacks with no authentication required. CVSS 8.7 (High) reflects network-accessible, low-complexity attack with high availability impact. No public exploit identified at time of analysis, though the attack technique is straightforward given the architectural flaw.

Denial Of Service Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-33573 HIGH PATCH This Week

Authorization bypass in OpenClaw gateway agent RPC enables authenticated operators with operator.write permission to escape workspace boundaries and execute arbitrary operations outside designated directories. Attackers supply malicious spawnedBy and workspaceDir parameters to perform file and exec operations from any process-accessible location. CVSS 8.7 reflects high confidentiality, integrity, and availability impact with network attack vector and low complexity. No public exploit identified at time of analysis, though EPSS data unavailable. VulnCheck identified this as an information disclosure vector affecting OpenClaw versions prior to 2026.3.11.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-32914 HIGH PATCH This Week

Privilege escalation in OpenClaw versions before 2026.3.12 allows authenticated users with command authorization to access owner-restricted configuration and debug endpoints due to missing permission checks. Attackers can read and modify privileged settings intended only for owners, effectively bypassing role-based access controls. CVSS 8.7 (High) with EPSS data unavailable; no public exploit identified at time of analysis, though the vulnerability class (CWE-863: incorrect authorization) is commonly targeted once disclosed.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-33575 HIGH PATCH This Week

Credential exposure in OpenClaw gateway pairing mechanism allows remote attackers to extract and reuse long-lived shared gateway credentials embedded in pairing setup codes. Attackers who obtain QR codes or pairing tokens from chat logs, screenshots, or system logs can recover persistent gateway credentials intended for one-time use, enabling unauthorized gateway access without authentication. EPSS data not available; no public exploit identified at time of analysis. Affects OpenClaw versions prior to 2026.3.12.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-0562 HIGH PATCH This Week

Authenticated users in parisneo/lollms (versions before 2.2.0) can hijack friend requests intended for other users through an Insecure Direct Object Reference (IDOR) flaw in the `/api/friends/requests/{friendship_id}` endpoint. The vulnerability enables any logged-in user to accept or reject friendship requests by manipulating the `friendship_id` parameter without authorization checks, leading to unauthorized social graph manipulation and potential account compromise via social engineering. Fixed in version 2.2.0 with commit c462977; no public exploit identified at time of analysis, though the attack is trivially reproducible with standard HTTP tools given the low complexity (CVSS AC:L) and authenticated network access (CVSS AV:N/PR:L).

Authentication Bypass Lollms
NVD GitHub VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-34221 HIGH PATCH GHSA This Week

Prototype pollution in MikroORM's Utils.merge function allows attackers to modify JavaScript object prototypes when applications pass untrusted user input into ORM operations. Affects @mikro-orm/core npm package, enabling denial of service and potentially SQL injection when polluted properties influence query construction. No public exploit identified at time of analysis, though GitHub security advisory published by the project maintainers confirms the vulnerability class (CWE-1321).

Prototype Pollution Denial Of Service SQLi
NVD GitHub
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-34215 HIGH PATCH GHSA This Week

Parse Server's verify password endpoint leaks MFA secrets and OAuth tokens to authenticated users, enabling multi-factor authentication bypass. Attackers who possess a valid user password can extract TOTP secrets and recovery codes from the unsanitized response, then generate valid MFA codes to defeat the second authentication factor. The vulnerability affects the npm package parse-server. No public exploit identified at time of analysis, though exploitation requires only password knowledge and standard API access.

Information Disclosure
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-34214 HIGH PATCH GHSA This Week

Trino's Iceberg connector leaks AWS S3 access credentials through query JSON endpoints, allowing authenticated users with write privileges to extract static or temporary credentials used for object storage access. The vulnerability exposes credentials via the query visualization API (/ui/api/query/ and /v1/query/ endpoints) when users perform write or table maintenance operations. With a CVSS of 7.7 and EPSS data not provided, this represents a confirmed credential exposure issue requiring immediate attention for organizations using Iceberg REST catalog configurations with storage credentials. No public exploit identified at time of analysis, though exploitation requires only low-privilege authenticated access.

Information Disclosure
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-34209 HIGH PATCH GHSA This Week

A logic error in the mppx npm package (versions <0.4.11) allows remote attackers to close payment channels without committing funds by exploiting an off-by-one validation flaw in the tempo/session cooperative close handler. The handler incorrectly used '<' instead of '<=' when validating close voucher amounts against settled on-chain amounts, enabling attackers to submit vouchers exactly equal to settled amounts for free channel closure or griefing attacks. No active exploitation confirmed (CISA KEV), but publicly available patch and detailed advisory increase exploitation risk. CVSS 7.5 (High) reflects network-accessible, low-complexity attack requiring no authentication.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32972 HIGH PATCH This Week

Privilege escalation in OpenClaw versions prior to 2026.3.11 allows authenticated users with operator.write permissions to execute administrative browser profile management functions, bypassing role-based access controls. Attackers can persist malicious remote Chrome DevTools Protocol (CDP) endpoints to disk, enabling potential remote code execution or session hijacking without operator.admin privileges. EPSS data not available; no public exploit identified at time of analysis. CVSS 7.1 (High) reflects network-accessible attack requiring only low-privileged authentication.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-32979 HIGH PATCH GHSA This Week

Time-of-check-time-of-use (TOCTOU) race condition in OpenClaw runtime (<2026.3.11) allows local authenticated attackers with low privileges to execute arbitrary code by modifying approved scripts between authorization and execution phases. The vulnerability (CWE-367) enables privilege escalation to the OpenClaw runtime user context, requiring user interaction but trivial attack complexity. No public exploit identified at time of analysis, though EPSS data unavailable and CVE not present in CISA KEV catalog.

RCE Openclaw
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy