Skip to main content
CVE-2026-32971 HIGH PATCH GHSA This Week

Command substitution in OpenClaw's node-host approval system allows authenticated attackers with low privileges to execute arbitrary local code by deceiving operators through mismatched approval displays. The system shows extracted shell payloads during approval but executes different argv commands, enabling wrapper-binary attacks where approved commands differ from executed commands. Authentication is required (PR:L) with high attack complexity (AC:H) and user interaction (UI:R). No public exploit identified at time of analysis, though the vulnerability class (CWE-451: UI Misrepresentation of Critical Information) indicates the technical mechanism is well-understood.

Information Disclosure Openclaw
NVD GitHub
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-30940 HIGH PATCH GHSA This Week

Authenticated path traversal in baserCMS theme file management API (versions prior to 5.2.3) enables arbitrary file write, allowing administrators to create malicious PHP files outside the theme directory and achieve remote code execution. The vulnerability (CWE-22) requires high privileges (PR:H) but has low attack complexity (AC:L) with network access (AV:N). CVSS score of 7.2 reflects the significant impact when administrator credentials are compromised. No public exploit code or CISA KEV listing identified at time of analysis, though the technical details in the advisory provide sufficient information for weaponization.

RCE Path Traversal PHP
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-34155 HIGH PATCH This Week

Integer overflow in RAUC versions prior to 1.15.2 allows signature bypass on 'plain' format bundles exceeding 2 GiB payload size, enabling attackers with bundle modification capability to alter unverified payload portions while retaining a valid signature. This affects embedded Linux systems relying on RAUC for secure firmware updates.

Buffer Overflow Rauc
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-10559 HIGH This Week

Path traversal in DELMIA Factory Resource Manager (3DEXPERIENCE R2023x through R2025x) allows authenticated remote attackers to read sensitive files and write files to specific server directories. The vulnerability affects the Factory Resource Management component and requires low-privilege authentication (CVSS PR:L) with low attack complexity. EPSS data not available; no public exploit identified at time of analysis. This represents a significant data exposure risk in industrial manufacturing environments using Dassault Systèmes' 3DEXPERIENCE platform.

Path Traversal Delmia Factory Resource Manager
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-33581 HIGH PATCH GHSA This Week

OpenClaw before version 2026.3.24 contains a sandbox bypass vulnerability in its message tool that allows local attackers to read arbitrary files by manipulating mediaUrl and fileUrl alias parameters to circumvent localRoots validation. The vulnerability exploits improper input sanitization in file request routing, enabling unauthorized disclosure of sensitive files outside the intended sandbox directory without requiring authentication or user interaction.

Path Traversal Openclaw
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-32734 HIGH PATCH GHSA This Week

DOM-based cross-site scripting in baserCMS tag creation functionality allows remote attackers to execute malicious JavaScript in victim browsers. Affects all baserCMS versions prior to 5.2.3. The vulnerability requires user interaction (CVSS UI:R) but needs no authentication (PR:N), enabling phishing or social engineering attacks. EPSS data not available; no public exploit identified at time of analysis. Vendor-released patch available in version 5.2.3.

XSS Basercms
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-32976 HIGH PATCH This Week

OpenClaw before version 2026.3.11 allows authenticated users to bypass authorization restrictions and modify protected configuration on sibling accounts through channel commands, despite configWrites: false restrictions. An attacker with legitimate access to one account can execute /config set commands targeting another account's channel provider configuration, achieving unauthorized modification of settings across account boundaries. This vulnerability is neither actively exploited nor known to have public proof-of-concept code available.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-4400 HIGH This Week

Insecure Direct Object Reference (IDOR) in 1millionbot Millie chat allows unauthenticated remote attackers to access other users' private chatbot conversations by manipulating conversation IDs in API requests to 'api.1millionbot.com/api/public/conversations/'. An attacker with knowledge of a target conversation ID can retrieve sensitive or confidential data without authentication. No public exploit code or active exploitation has been independently confirmed at the time of analysis.

Authentication Bypass Millie Chat
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2026-34505 MEDIUM PATCH This Month

Webhook secret brute-forcing in OpenClaw before 2026.3.12 enables attackers to forge authenticated webhooks by exploiting pre-authentication rate limit bypass. Unauthenticated remote attackers can systematically guess webhook secrets without triggering rate limiting (which only applies post-authentication), then submit forged webhook payloads to compromise system integrity and confidentiality. CVSS 9.8 (Critical) with network attack vector and no authentication required. No public exploit identified at time of analysis, though exploitation requires only standard HTTP tooling. EPSS data not available; exploitation appears automatable given the straightforward nature of brute-force attacks against webhook endpoints.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-34530 MEDIUM PATCH GHSA This Month

Stored cross-site scripting in File Browser via admin-controlled branding fields allows injection of persistent JavaScript that executes for all visitors, including unauthenticated users. The vulnerability stems from use of Go's text/template (which performs no HTML escaping) instead of html/template when rendering the SPA index.html with branding data. An authenticated admin can inject malicious payloads into branding.name or branding.color fields that break out of their intended HTML context and execute arbitrary JavaScript in every user's browser without restriction, as no Content-Security-Policy header is set. Affected versions through v2.62.1 are vulnerable; vendor-released patches are available.

XSS Python Docker
NVD GitHub VulDB
CVSS 3.1
6.9
EPSS
0.1%
CVE-2026-30879 MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) vulnerability in baserCMS prior to version 5.2.3 allows attackers to inject malicious scripts into blog posts, potentially enabling session hijacking, credential theft, or malware distribution to site visitors. The vulnerability affects the blog post functionality and has been patched in version 5.2.3; no public exploit code or active exploitation has been confirmed at time of analysis.

XSS Basercms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34404 MEDIUM PATCH GHSA This Month

Nuxt OG Image versions prior to 6.2.5 are vulnerable to denial of service through unbounded image dimension parameters in the /_og/d/ endpoint. Attackers can specify arbitrarily large width and height values, causing the image-generation component to consume excessive CPU and memory resources, resulting in application unavailability. No authentication is required to exploit this vulnerability.

Denial Of Service Og Image
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34443 MEDIUM PATCH This Month

FreeScout prior to version 1.8.211 fails to validate Server-Side Request Forgery (SSRF) protections due to a flawed IP range check in checkIpByMask() that only accepts CIDR notation and rejects plain IP addresses, leaving the entire 10.0.0.0/8 and 172.16.0.0/12 private IP ranges unprotected from SSRF attacks. Remote attackers can exploit this logic error to access internal services and resources on private networks that the application can reach, potentially escalating to information disclosure or further lateral movement. The vulnerability is confirmed patched in version 1.8.211.

PHP SSRF
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34235 MEDIUM PATCH This Month

Heap out-of-bounds read in PJSIP's VP9 RTP unpacketizer allows remote attackers to read memory beyond allocated buffer boundaries by sending crafted VP9 Scalability Structure data, potentially disclosing sensitive information. PJSIP versions prior to 2.17 are affected. The vulnerability requires network access but no authentication, authentication complexity, or user interaction, with CVSS score of 6.9 indicating moderate severity driven by availability impact. Vendor-released patch available in version 2.17.

Information Disclosure Buffer Overflow Pjproject
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34504 MEDIUM PATCH This Month

Server-side request forgery in OpenClaw before 2026.3.28 allows unauthenticated remote attackers to fetch internal URLs through unguarded image download operations in the fal provider image-generation-provider.ts component, enabling exposure of internal service metadata and responses via the image pipeline. CVSS 5.3 indicates moderate integrity impact without authentication requirements. No public exploit code or active exploitation confirmed at time of analysis.

SSRF Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-33576 MEDIUM PATCH GHSA This Month

Unauthenticated attackers can force OpenClaw versions before 2026.3.28 to download and store arbitrary media files through Zalo messaging channels, bypassing sender authorization checks. The flaw allows remote exploitation without authentication (CVSS 9.8 critical) to consume network bandwidth and storage resources. No public exploit identified at time of analysis, though the attack vector is straightforward given the lack of pre-validation authorization checks. Vendor-released patch available via commit 68ceaf7a5.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-5195 MEDIUM This Month

SQL injection in code-projects Student Membership System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the User Registration Handler component. The vulnerability has a CVSS score of 7.3 with network-based attack vector and low complexity, requiring no privileges or user interaction. EPSS data not available; no CISA KEV listing indicates confirmed actively exploited status is unknown. Publicly available exploit code exists per researcher disclosure on GitHub, elevating real-world risk for organizations running this application.

SQLi Student Membership System
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-27697 MEDIUM PATCH GHSA This Month

SQL injection in baserCMS prior to version 5.2.3 allows unauthenticated remote attackers to execute arbitrary SQL queries through unvalidated input in blog post functionality. The vulnerability affects all versions before 5.2.3 and has been patched; no public exploit code or active exploitation has been confirmed at the time of analysis.

SQLi Basercms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34400 MEDIUM PATCH GHSA This Month

SQL injection in Alerta's Query string search API (q= parameter) allows unauthenticated remote attackers to execute arbitrary SQL commands against the underlying PostgreSQL database. The vulnerability stems from unsafe f-string interpolation of user-supplied search terms directly into SQL WHERE clauses without parameterization. Alerta versions prior to 9.1.0 are affected; the vulnerability has been patched in version 9.1.0 with no public exploit code identified at time of analysis.

PostgreSQL SQLi
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-4818 MEDIUM This Month

Search Guard FLX versions 3.0.0 through 4.0.1 allow authenticated users with insufficient privileges to execute unauthorized management operations on data streams due to improper access control, enabling privilege escalation with high confidentiality and integrity impact. The CVSS score of 6.8 reflects network accessibility and moderate attack complexity, with active data stream manipulation possible after authentication. No public exploit code or confirmed active exploitation has been identified at this time.

Authentication Bypass Search Guard Flx
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-64340 MEDIUM PATCH GHSA This Month

Command injection in fastmcp install allows Windows users to execute arbitrary commands via shell metacharacters in server names. When installing a server with a name containing characters like `&` (e.g., `fastmcp install claude-code` with server name `test&calc`), the metacharacter is interpreted by cmd.exe during execution of .cmd wrapper scripts, leading to arbitrary command execution with user privileges. This affects Windows systems running claude or gemini CLI installations; macOS and Linux are unaffected. A patch is available via GitHub PR #3522.

Python Command Injection Apple Microsoft
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-34401 MEDIUM PATCH This Month

XML Notepad versions prior to 2.9.0.21 allow remote attackers to leak local file contents or capture NTLM credentials via crafted XML files with malicious DTDs, exploiting disabled-by-default DTD processing that automatically resolves external entities. The vulnerability requires user interaction (opening a malicious XML file) but poses significant confidentiality risk on Windows systems where NTLM credential interception is feasible. Microsoft released patched version 2.9.0.21 to address this XXE (XML External Entity) issue.

Microsoft XXE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-34733 MEDIUM PATCH GHSA This Month

Unauthenticated remote attackers can bypass CLI-only access controls in WWBN AVideo versions 26.0 and prior via a PHP operator precedence bug in install/deleteSystemdPrivate.php, allowing HTTP access to delete server temp directory files and disclose their contents without authentication. The vulnerability stems from a logic error where !php_sapi_name() === 'cli' evaluates incorrectly due to operator binding precedence, causing the access guard to fail entirely. No public exploit code or active exploitation has been reported at the time of this analysis.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-2950 MEDIUM PATCH GHSA This Month

Prototype pollution in Lodash 4.17.23 and earlier allows unauthenticated remote attackers to delete properties from built-in prototypes (Object.prototype, Number.prototype, String.prototype) via array-wrapped path segments in _.unset and _.omit functions, bypassing the incomplete fix for CVE-2025-13465. The vulnerability has a CVSS score of 6.5 with low integrity and availability impact; no public exploit code or active exploitation has been confirmed at time of analysis.

Prototype Pollution Authentication Bypass Red Hat
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1710 MEDIUM This Month

Unauthenticated attackers can modify WooPayments plugin settings through a missing capability check in the 'save_upe_appearance_ajax' AJAX function, affecting all versions up to and including 10.5.1. This allows remote attackers to alter payment appearance configurations without authentication, potentially disrupting payment processing or customer experience. No public exploit code or active exploitation has been identified at time of analysis.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34531 MEDIUM PATCH GHSA This Month

Flask-HTTPAuth versions prior to 4.8.1 allow authentication bypass when applications store empty string tokens in their user database, enabling unauthenticated attackers to authenticate as any user with an empty token set by submitting requests without a token or with an empty token value. This affects only token-based authentication mechanisms that verify tokens via database lookup rather than cryptographic means (e.g., JWTs). CVSS score 6.5 reflects moderate integrity impact with low computational attack complexity, and no public exploit code has been identified at the time of analysis.

Python Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34887 MEDIUM This Month

Stored cross-site scripting (XSS) in Extend Themes Kubio AI Page Builder through version 2.7.0 allows authenticated users to inject malicious scripts that execute in the browsers of other users viewing affected pages. An attacker with user account access can inject unescaped input during page generation, leading to session hijacking, credential theft, or malware distribution. No public exploit code has been identified at the time of analysis.

XSS Kubio Ai Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34395 MEDIUM GHSA This Month

Information disclosure in WWBN AVideo versions 26.0 and prior allows authenticated users to enumerate and dump the complete user database including personal information and wallet balances via the /plugin/YPTWallet/view/users.json.php endpoint. The vulnerability stems from inadequate authorization checks that verify user login status but fail to enforce administrator-only access, enabling any registered account holder to retrieve sensitive data belonging to all platform users. No public exploit code or active exploitation has been confirmed at time of analysis, and vendor patches are not yet available.

Authentication Bypass PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34586 MEDIUM PATCH This Month

PdfDing prior to version 1.7.1 permits authenticated users to bypass access controls on shared PDF documents by accessing content after expiration, view limits, or soft-deletion due to incomplete validation in the check_shared_access_allowed() function. The Serve and Download endpoints rely solely on session existence checks without verifying SharedPdf.inactive or SharedPdf.deleted flags, allowing previously-authorized users to retrieve sensitive content that should no longer be accessible. This authentication bypass affects all versions before 1.7.1 and requires valid authentication credentials to exploit.

Authentication Bypass Pdfding
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34737 MEDIUM PATCH GHSA This Month

Authenticated users in WWBN AVideo 26.0 and prior can cancel arbitrary Stripe subscriptions through an exposed test.php debug endpoint in the StripeYPT plugin, exploiting a logic error in the retrieveSubscriptions() method that performs cancellation instead of retrieval. The vulnerability requires valid login credentials but allows any authenticated user-not just administrators-to trigger subscription cancellations, causing integrity violations to payment operations. No public exploit code or active exploitation has been reported at time of analysis, and vendor patches are not yet available.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34740 MEDIUM PATCH GHSA This Month

Stored server-side request forgery (SSRF) in WWBN AVideo 26.0 and prior allows authenticated users with upload permissions to inject arbitrary URLs into the EPG (Electronic Program Guide) link feature, which the server automatically fetches on each EPG page visit. This enables attackers to scan internal networks, access cloud metadata services, and interact with internal services without the authentication or complexity barriers normally present in network-based attacks. No public exploit code identified at time of analysis.

SSRF Avideo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34613 MEDIUM PATCH GHSA This Month

CSRF vulnerability in WWBN AVideo 26.0 and prior allows unauthenticated attackers to disable critical security plugins on admin accounts via malicious web pages, exploiting missing CSRF token validation combined with SameSite=None session cookies and ORM-level security bypass. An attacker can trick an authenticated administrator into visiting a crafted webpage that silently disables plugins such as LoginControl (2FA), subscription enforcement, or access control mechanisms, compromising the platform's security posture without the admin's knowledge or consent.

CSRF PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34611 MEDIUM PATCH GHSA This Month

CSRF vulnerability in WWBN AVideo 26.0 and prior allows unauthenticated attackers to send arbitrary HTML emails to all platform users by luring administrators to a malicious webpage. The vulnerability exploits absent CSRF token validation on the emailAllUsers.json.php endpoint combined with SameSite=None session cookie configuration, enabling cross-origin POST requests to execute with the admin's session credentials. An attacker can impersonate the platform's legitimate SMTP sender to distribute phishing emails, spam, or malware links to the entire user base without any authentication requirement beyond initial admin compromise via social engineering.

PHP CSRF
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24029 MEDIUM PATCH This Month

PowerDNS dnsdist allows unauthenticated DNS over HTTPS (DoH) queries to bypass access control lists when the early_acl_drop option is disabled on nghttp2 frontends, exposing the DNS resolver to unauthorized query submission and potential information disclosure. Affected versions include dnsdist across multiple releases where this configuration weakness exists; the vulnerability has a CVSS score of 6.5 and exposes both confidentiality and integrity concerns despite not affecting availability.

Authentication Bypass Dnsdist
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34716 MEDIUM GHSA This Month

Stored cross-site scripting (XSS) in WWBN AVideo versions 26.0 and prior allows authenticated attackers to execute arbitrary JavaScript in the browsers of online users without any victim interaction. An attacker with a user account can set their display name to an XSS payload; when they initiate a call via the YPTSocket plugin, the caller notification rendered by the jQuery Toast Plugin executes the malicious script in every connected user's browser, enabling session hijacking, credential theft, or further compromise. CVSS 6.4 reflects moderate complexity due to authentication requirement and limited direct impact scope.

XSS RCE Avideo
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1834 MEDIUM This Month

Stored cross-site scripting in Ibtana - WordPress Website Builder plugin up to version 1.2.5.7 allows authenticated contributors to inject arbitrary JavaScript via the 'ive' shortcode due to insufficient input sanitization and output escaping. When an injected page is accessed by any user, the malicious script executes in their browser with the privileges of their WordPress session, enabling session hijacking, credential theft, or administrative actions depending on victim privileges. No public exploit code or active exploitation has been confirmed at the time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-2480 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in WP Shortcodes Plugin - Shortcodes Ultimate through version 7.4.10 allows authenticated contributors and above to inject arbitrary JavaScript via the 'max_width' attribute of the su_box shortcode due to insufficient input sanitization and output escaping. The injected scripts persist in page content and execute for all users viewing the affected page, enabling attackers with contributor-level WordPress access to compromise site visitors without additional user interaction.

WordPress XSS
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-33580 MEDIUM PATCH This Month

Brute-force attacks against OpenClaw webhook authentication allow unauthenticated remote attackers to forge Nextcloud Talk webhook events by exploiting missing rate limiting on shared secret validation. Affecting OpenClaw versions prior to 2026.3.28, attackers can repeatedly attempt authentication without throttling to compromise weak shared secrets and inject malicious webhook payloads. CVSS 9.8 critical severity reflects network-accessible attack surface requiring no authentication. No public exploit identified at time of analysis, though EPSS data not available. Vendor-released patch available via commit e403decb6e20091b5402780a7ccd2085f98aa3cd.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-34508 MEDIUM PATCH This Month

OpenClaw before version 2026.3.12 allows authenticated attackers to bypass rate limiting on webhook secret validation by exploiting a logic flaw that applies rate limits only after successful authentication, enabling brute-force attacks against webhook credentials and injection of forged Zalo webhook traffic. The vulnerability requires authenticated access but results in high-confidence credential compromise.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-34451 MEDIUM PATCH GHSA This Month

Path traversal vulnerability in Anthropic Claude SDK for TypeScript (versions 0.79.0-0.80.x) allows remote attackers to read and write files outside the intended sandboxed memory directory via prompt injection. The vulnerability exploits incomplete path validation in the local filesystem memory tool, where a model supplied with crafted input can reference sibling directories sharing the memory root's name prefix. Patch available in version 0.81.0; no public exploit code or active exploitation confirmed, but the attack surface is exposed to any application using the affected SDK versions with model-supplied file paths.

Path Traversal Claude Sdk For Typescript
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-33074 MEDIUM PATCH This Month

Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-pre allow authenticated users to escalate their subscription tier by purchasing a lower-cost plan while obtaining benefits reserved for higher-tier subscriptions. The vulnerability has a CVSS 6.3 score reflecting the integrity impact, requires high attack complexity and partial timing conditions, but affects confidentiality minimally. Vendor-released patches address the flaw in versions 2026.1.3, 2026.2.2, and 2026.3.0, and the exploit likely requires knowledge of the subscription grant mechanism.

Privilege Escalation Discourse
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-32619 MEDIUM PATCH This Month

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0-beta retain unauthorized poll interaction capabilities for users who have lost access to private topics, allowing them to vote on and toggle poll status despite removal from category group membership. While no topic content is exposed, the vulnerability permits state modification in topics to which access should have been revoked, violating the intended access control model. Patched versions 2026.1.3, 2026.2.2, and 2026.3.0 are available, and no public exploit code has been identified.

Authentication Bypass Discourse
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-34218 MEDIUM PATCH This Month

ClearanceKit on macOS fails to enforce managed and user-defined file-access policies during startup, allowing local processes to bypass intended access controls until GUI interaction triggers policy reloading. The vulnerability affects ClearanceKit versions prior to 4.2.14, where two startup defects create a window in which only a hardcoded baseline rule is enforced, leaving the system vulnerable to privilege escalation and unauthorized file access. This issue is not confirmed actively exploited, but the trivial attack vector (local, no authentication) and high integrity/system impact make it a meaningful risk for systems relying on ClearanceKit for file-access enforcement.

Apple Privilege Escalation
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-5184 LOW POC Monitor

Remote command injection in TRENDnet TEW-713RE firmware up to version 1.02 allows authenticated remote attackers to execute arbitrary commands via the admuser parameter in the /goform/setSysAdm endpoint. Publicly available exploit code exists, and the vendor has not responded to early disclosure attempts, leaving all affected devices without a vendor-released patch.

Command Injection Tew 713Re
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-5183 LOW POC Monitor

Command injection in TRENDnet TEW-713RE firmware up to version 1.02 allows authenticated remote attackers to execute arbitrary commands via manipulation of the dest parameter in the /goform/addRouting function. The vulnerability has a CVSS score of 6.3 and publicly available exploit code exists; the vendor has not responded to early disclosure attempts, leaving affected devices without an official patch.

Command Injection Tew 713Re
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-5178 LOW POC Monitor

Command injection in Totolink A3300R firmware 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via the vlanPriLan3 parameter in the setIptvCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a publicly available exploit and carries moderate severity (CVSS 6.3) with confirmed exploitability signals (EPSS P/E indicator). Successful exploitation grants an authenticated attacker the ability to manipulate VLAN priority settings and potentially gain code execution on the affected router.

Command Injection A3300R
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.7%
CVE-2026-5177 LOW POC Monitor

Command injection in Totolink A3300R 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via manipulation of the rxRate parameter in the setWiFiBasicCfg function at /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 with publicly available exploit code, making it a moderate-priority issue for affected device administrators despite requiring prior authentication.

Command Injection A3300R
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.7%
CVE-2026-34556 MEDIUM This Month

Heap buffer overflow in iccDEV's icAnsiToUtf8() function allows local attackers to cause denial of service via a crafted ICC color profile processed by the iccToXml tool. The vulnerability exists in versions prior to 2.3.1.6 and stems from unsafe string handling that treats non-null-terminated buffers as C-strings, triggering out-of-bounds memory reads. CVSS 6.2 with local attack vector and no authentication required; vendor-released patch available in version 2.3.1.6.

Buffer Overflow Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34555 MEDIUM This Month

Stack buffer overflow in iccDEV library versions prior to 2.3.1.6 allows local attackers to cause denial of service by crafting malicious ICC color management profile files that trigger a 4-byte write overflow in CIccTagFixedNum<>::GetValues(). The vulnerability requires local access and no user interaction, with CVSS 6.2 reflecting the high availability impact. No public exploit code or active exploitation has been identified; vendor-released patch version 2.3.1.6 is available.

Buffer Overflow Stack Overflow Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34554 MEDIUM This Month

Heap buffer overflow in iccDEV's CIccApplyCmmSearch::costFunc() function allows local attackers to trigger an out-of-bounds memory read via malformed JSON configuration input to the iccApplySearch tool, resulting in denial of service. The vulnerability affects iccDEV versions prior to 2.3.1.6 and has been patched; no public exploit identified at time of analysis, though the issue is straightforward to trigger with crafted input.

Buffer Overflow Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy