Skip to main content
CVE-2026-40074 MEDIUM PATCH GHSA This Month

SvelteKit versions prior to 2.57.1 are vulnerable to denial of service when the redirect() function is called from the handle server hook with HTTP header-invalid characters in the location parameter. An unauthenticated remote attacker can trigger an unhandled TypeError by supplying unsanitized user input to the redirect location, potentially causing application crashes on certain platforms. The vulnerability is fixed in version 2.57.1.

Information Disclosure Kit
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-35649 MEDIUM PATCH This Month

OpenClaw before version 2026.3.22 allows unauthenticated remote attackers to bypass access control denials by exploiting improper handling of empty allowlists during settings reconciliation, silently restoring previously revoked permissions. The vulnerability treats explicitly empty allowlists as unset rather than as explicit deny-all configurations, enabling attackers to undo intended access revocations without authentication. With a CVSS score of 6.5 and network-accessible attack vector, this represents a moderate-severity logic flaw affecting access control enforcement.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-40227 MEDIUM PATCH This Month

Denial of service in systemd 260 allows local unprivileged users to crash the systemd daemon by triggering an assert via IPC API calls containing arrays or maps with null elements. The vulnerability affects systemd versions 260 through 260, with no public exploit code identified at time of analysis. EPSS score of 6.2 reflects moderate real-world risk due to local-only attack vector and non-privileged requirements.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-31262 MEDIUM This Month

Reflected cross-site scripting (XSS) in Altenar Sportsbook Software Platform (SB2) v.2.0 allows remote attackers to inject malicious scripts via URL parameters, enabling information disclosure and potential arbitrary code execution when users interact with crafted links. The vulnerability requires user interaction (click a malicious link) but affects all users regardless of authentication status, with EPSS score of 0.06% indicating very low real-world exploitation probability despite the moderate CVSS rating of 6.1. No confirmed active exploitation or public proof-of-concept code availability has been documented.

Information Disclosure RCE XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-5999 LOW POC Monitor

Improper authorization in JeecgBoot up to version 3.9.1 allows authenticated remote attackers to bypass access controls in the SysAnnouncementController component, potentially leading to unauthorized data modification and disclosure. The vulnerability has a CVSS score of 6.3 (medium severity) and carries an EPSS severity rating reflecting real-world exploitability; publicly available exploit code exists and the vendor has confirmed the issue with a patch expected in an upcoming release.

Authentication Bypass Jeecgboot
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6035 LOW POC Monitor

Reflected cross-site scripting (XSS) in code-projects Vehicle Showroom Management System 1.0 allows remote attackers to inject malicious scripts via the BRANCH_ID parameter in /BranchManagement/ServiceAndSalesReport.php. The vulnerability requires user interaction (UI:P) but no authentication, with publicly available exploit code disclosed. CVSS 5.3 reflects moderate severity with integrity impact limited to confidentiality of user sessions rather than data modification.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6034 LOW POC Monitor

Reflected cross-site scripting (XSS) in code-projects Vehicle Showroom Management System 1.0 allows remote unauthenticated attackers to inject malicious scripts via the BRANCH_ID parameter in /BranchManagement/ProfitAndLossReport.php, requiring user interaction to execute. Publicly available exploit code exists for this vulnerability, and while the CVSS score of 5.3 is moderate, the low integrity impact combined with user interaction requirement limits practical risk, though XSS vulnerabilities remain routinely exploitable in real-world scenarios.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6032 LOW POC Monitor

Reflected cross-site scripting (XSS) in code-projects Simple Laundry System 1.0 allows unauthenticated remote attackers to inject arbitrary JavaScript via the serviceId parameter in /checkcheckout.php, requiring user interaction to execute. Publicly available exploit code exists for this vulnerability, and the low CVSS score of 4.3 reflects the need for user click-through and limited scope (integrity impact only), though the attack vector is network-accessible and requires no special privileges or authentication.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4305 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in Royal WordPress Backup & Restore Plugin up to version 1.0.16 allows unauthenticated attackers to inject arbitrary JavaScript via the 'wpr_pending_template' parameter. An attacker can craft a malicious link and trick a WordPress administrator into clicking it, causing the injected script to execute in the admin's browser with their privileges. This affects all installations running the vulnerable plugin versions, and no active exploitation has been confirmed, though the low attack complexity and lack of authentication requirements make this a practical threat.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-6000 LOW POC Monitor

Information disclosure in code-projects Online Library Management System 1.0 allows unauthenticated remote attackers to access sensitive data from SQL database backup files via the /sql/library.sql component, requiring user interaction (clicking a link or similar action). The vulnerability has a publicly available exploit and carries a CVSS score of 4.3 with an exploit proof-of-concept (E:P) rating, making it a low-to-moderate priority issue with confirmed public discoverability but limited real-world attack surface due to interaction requirements.

Information Disclosure Online Library Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6033 LOW POC Monitor

SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to manipulate the fname parameter in /updatedetailsfromstudent.php to execute arbitrary SQL queries, achieving limited confidentiality and integrity impact. The vulnerability has publicly available exploit code and a CVSS score of 5.3, representing a moderate risk requiring authentication to exploit.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6030 LOW POC Monitor

SQL injection in itsourcecode Construction Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the toolname parameter in /del1.php, potentially compromising data confidentiality, integrity, and availability. Publicly available exploit code exists, and the vulnerability has been assigned CVSS 6.3 with confirmed exploitability indicators (E:P rating).

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6010 LOW POC Monitor

SQL injection in CodeAstro Online Classroom allows authenticated remote attackers to execute arbitrary SQL queries via the Q1 parameter in /OnlineClassroom/takeassessment2.php, enabling data exfiltration and modification with CVSS 6.3 severity; publicly available exploit code exists and the vulnerability affects all versions of the product.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6007 LOW POC Monitor

SQL injection in itsourcecode Construction Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the equipname parameter in /del.php, enabling data exfiltration, modification, and potential denial of service. Publicly available exploit code exists, and the vulnerability carries a CVSS score of 6.3 with confirmed exploitation potential (E:P rating).

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6006 LOW POC Monitor

SQL injection in code-projects Patient Record Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /edit_hpatient.php, leading to unauthorized data access, modification, and potential denial of service. Publicly available exploit code exists (CVSS 6.3, attack vector network, low complexity, requires valid credentials). This is not confirmed as actively exploited by CISA but poses immediate risk given public POC availability and low exploitation complexity.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6005 LOW POC Monitor

SQL injection in code-projects Patient Record Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL commands via the hem_id parameter in /hematology_print.php, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has a CVSS score of 6.3 (medium) with publicly available exploit code, though no CISA KEV confirmation indicates active widespread exploitation at time of analysis.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-35670 MEDIUM PATCH This Month

OpenClaw before version 2026.3.22 allows authenticated attackers to redirect webhook-triggered chat replies to unintended users by exploiting username-based recipient binding instead of stable numeric identifiers. An attacker with valid credentials can manipulate username changes to rebind webhook replies intended for one user to a different user, compromising message confidentiality and integrity. No public exploit code or active CISA exploitation data is available, but the vulnerability is confirmed patched by the vendor.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.1%
CVE-2026-3446 MEDIUM PATCH This Month

CPython's base64.b64decode() function prematurely stops processing after encountering the first padded quad, allowing malformed base64 data to be accepted that may be interpreted differently by other implementations. This affects CPython 3.13.x before 3.13.13, 3.14.x before 3.14.4, and 3.15.0a1 before 3.15.0a8, with authenticated remote attackers on high-complexity networks potentially inducing information disclosure (CVSS 6.0, EPSS risk level moderate). Upstream fixes are available in tagged commits; users should upgrade to patched versions or enable validate=True parameter for stricter base64 validation.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.1%
CVE-2026-35658 MEDIUM PATCH This Month

Filesystem boundary bypass in OpenClaw before 2026.3.2 allows authenticated attackers to read arbitrary files by traversing sandbox bridge mounts outside the configured workspace, circumventing the tools.fs.workspaceOnly restriction. The vulnerability affects the image tool specifically and results in unauthorized information disclosure accessible via network with low complexity.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-5774 MEDIUM PATCH GHSA This Month

Improper synchronization of the userTokens map in Canonical Juju API server (versions 4.0.5, 3.6.20, and 2.9.56) enables authenticated users to trigger denial of service or reuse single-use discharge tokens due to a race condition. The vulnerability requires low privilege authentication and partial attacker timing control but allows complete availability impact to the server. EPSS score of 6.1 reflects moderate real-world exploitation risk, though no public exploit code or active exploitation has been confirmed.

Race Condition Canonical Denial Of Service
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-5525 MEDIUM This Month

Stack-based buffer overflow in Notepad++ 8.9.3 file drop handler allows local authenticated users to cause application crash and potentially execute code by dragging and dropping a directory path of exactly 259 characters without a trailing backslash, triggering unbounded buffer write via automatic backslash and null terminator appending. CVSS 6.0 (High) reflects local attack vector and high complexity; no public exploit code or active KEV status identified, but upstream fix is confirmed available.

Buffer Overflow Stack Overflow Notepad
NVD GitHub VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-35597 MEDIUM PATCH GHSA This Month

Vikunja API brute-forces TOTP codes by exploiting a database transaction rollback bug that prevents account lockout persistence. When TOTP validation fails, the login handler rolls back the database session containing the failed-attempt counter increment and account lock status, leaving the lockout mechanism non-functional while per-IP rate limiting can be bypassed via distributed attack. Unauthenticated remote attackers who possess a user's password can exhaust the 6-digit TOTP code space (only 1 million combinations) and gain unauthorized access. Patch is available as of Vikunja v2.3.0.

Python Authentication Bypass
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-6003 LOW POC Monitor

Stored cross-site scripting (XSS) in code-projects Simple IT Discussion Forum 1.0 allows authenticated remote attackers with administrative privileges to inject malicious scripts via the fname parameter in /admin/user.php, affecting user interactions through reflected XSS. The vulnerability has a CVSS score of 2.4 but carries a public exploit, though the low CVSS reflects the requirement for high-privilege authentication and user interaction to trigger the payload.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1502 MEDIUM PATCH This Month

Python's HTTP client fails to reject carriage return and line feed (CR/LF) bytes in proxy tunnel headers and host parameters, enabling HTTP response splitting and header injection attacks. Authenticated attackers with high privileges can craft malicious proxy configurations to inject arbitrary HTTP headers or split responses, potentially leading to cache poisoning, session hijacking, or information disclosure. No public exploit code or active exploitation has been identified.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.7
EPSS
0.0%
CVE-2026-6067 MEDIUM PATCH This Month

Heap buffer overflow in Netwide Assembler (NASM) 3.02rc5 obj_directive() function enables arbitrary code execution and denial of service when processing maliciously crafted .asm files. Missing bounds validation allows attackers to corrupt heap memory through specially constructed assembly source files. Publicly available exploit code exists. Impacts NASM users assembling untrusted input files, particularly automated build systems and development environments processing external assembly code.

RCE Denial Of Service Buffer Overflow Memory Corruption Nasm
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-29043 MEDIUM PATCH This Month

Heap buffer overflow in HDF5 library versions 1.14.1-2 and earlier allows local attackers to trigger a write-based overflow in the H5T__ref_mem_setnull method by crafting malicious HDF5 files, leading to denial-of-service and potential remote code execution depending on heap exploitation complexity. Attack requires local file access and user interaction to parse a malicious file. No public exploit code identified at time of analysis.

RCE Buffer Overflow Heap Overflow Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31412 MEDIUM PATCH This Month

Integer overflow in the Linux kernel's USB gadget mass storage driver (f_mass_storage) allows a malicious USB host to corrupt kernel memory or trigger out-of-bounds accesses on any Linux system acting as a USB storage gadget. The flaw affects kernel versions tracing back to Linux 3.3 (commit 144974e7f9e32b53b02f6c8632be45d8f43d6ab5), with vendor-released patches now available across multiple stable branches. No public exploit has been identified at time of analysis, and EPSS exploitation probability stands at a very low 0.02%, consistent with the physical USB access prerequisite.

Linux Buffer Overflow Integer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-40159 MEDIUM PATCH GHSA This Month

PraisonAI before version 4.5.128 exposes sensitive environment variables to untrusted subprocess commands executed through its MCP (Model Context Protocol) integration, enabling credential theft and supply chain attacks when third-party tools like npx packages are invoked. An unauthenticated local attacker with user interaction can trigger MCP commands that inherit the parent process environment, gaining access to API keys, authentication tokens, and database credentials without the knowledge of developers using PraisonAI. The vulnerability is fixed in version 4.5.128.

Python Information Disclosure RCE
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33119 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) on Android contains a user interface misrepresentation vulnerability that allows unauthenticated remote attackers to conduct spoofing attacks over a network. The vulnerability exploits UI rendering to misrepresent critical information to end users, enabling attackers to deceive users into taking unintended actions. While the CVSS score is moderate (5.4), the attack requires user interaction and only impacts confidentiality and integrity; a vendor-released patch is available.

Authentication Bypass Google Microsoft
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-2712 MEDIUM This Month

WP-Optimize plugin for WordPress allows authenticated subscribers and higher to execute admin-only operations including log file access, backup image deletion, and bulk image processing due to missing capability checks in the Heartbeat handler function. The vulnerability affects all versions up to 4.5.0 and requires user authentication but no elevated privileges, enabling privilege escalation from subscriber-level accounts to perform administrative image optimization tasks that should be restricted to site administrators.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-35602 MEDIUM PATCH GHSA This Month

Vikunja's file import endpoint bypasses configured maximum file size limits by trusting an attacker-controlled Size field in import metadata rather than validating actual decompressed file content. Authenticated users can upload small compressed zip files (e.g., ~25KB) containing files up to 25MB or larger, exhausting server storage and causing denial of service across all users. The vulnerability affects Vikunja v2.2.2 and earlier versions; a vendor-released patch is available in v2.3.0.

Python Denial Of Service
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-35600 MEDIUM PATCH GHSA This Month

Vikunja task title injection in overdue email notifications allows authenticated attackers to embed phishing links and tracking pixels in legitimate SMTP emails by breaking Markdown link syntax with special characters. The vulnerability affects task notification rendering across multiple notification types in Vikunja prior to v2.3.0, where task titles are concatenated directly into Markdown without escaping, survive goldmark rendering and bluemonday sanitization (which intentionally permits <a> and <img> tags), and reach email recipients as trusted-source links within official Vikunja notifications.

XSS Python
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-32893 MEDIUM PATCH This Month

Reflected XSS in Chamilo LMS exercise admin panel allows authenticated teachers to be tricked into executing arbitrary JavaScript via malicious paginated URLs, affecting versions prior to 2.0.0-RC.3. An attacker can craft a weaponized link containing unencoded query parameters that bypass the pagination mechanism's improper output encoding, potentially leading to session hijacking, credential theft, or unauthorized administrative actions within the learning management system. No public exploit code or active exploitation has been identified at time of analysis.

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-40212 MEDIUM This Month

DOM-based cross-site scripting in OpenStack Skyline console interface allows authenticated administrators to execute arbitrary JavaScript via unsafe document.write usage when viewing instance console logs. Affects Skyline versions before 5.0.1, 6.0.0, and 7.0.0. Attack requires administrator authentication and user interaction (UI:R), limiting real-world impact but enabling session hijacking or credential theft from privileged users.

XSS Skyline
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-4664 MEDIUM This Month

Unauthenticated attackers can bypass authentication in Customer Reviews for WooCommerce plugin versions up to 5.103.0 by submitting an empty string as the review permission key, allowing them to create, modify, and inject malicious product reviews via the REST API without any legitimate order association. The vulnerability exploits improper key validation using strict equality comparison without checking for empty values, combined with auto-approval of reviews by default, enabling widespread review injection across all products on affected WooCommerce installations.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-40252 MEDIUM PATCH This Month

Broken Access Control in FastGPT versions prior to 4.14.10.4 allows authenticated teams to access and execute applications belonging to other teams by supplying a foreign application ID, enabling cross-tenant data exposure and unauthorized workflow execution. The vulnerability stems from insufficient API validation-while team tokens are verified, the API fails to confirm that the requested application belongs to the authenticated team. This affects all FastGPT instances with multi-tenant deployments where different teams manage separate AI Agent applications, and is fixed in version 4.14.10.4.

Information Disclosure Authentication Bypass Fastgpt
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-40086 MEDIUM PATCH GHSA This Month

Unauthenticated remote attackers can exploit a path traversal vulnerability in rembg's HTTP server (versions prior to 2.0.75) by sending a crafted request with a malicious model_path parameter to read arbitrary files from the server filesystem. The vulnerability allows attackers to enumerate file existence and permissions, and potentially extract file contents through verbose error messages when the server attempts to load arbitrary paths as ONNX models. This is a confirmed vulnerability with a vendor-released patch available in version 2.0.75.

Path Traversal Rembg
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-40100 MEDIUM PATCH This Month

Server-side request forgery (SSRF) in FastGPT versions prior to 4.14.10.3 allows unauthenticated remote attackers to probe and access internal network resources via the /api/core/app/mcpTools/runTool endpoint, which accepts arbitrary URLs without proper validation. The vulnerability is exploitable by default because the internal IP check is gated behind a disabled configuration flag (CHECK_INTERNAL_IP=false), enabling attackers to bypass network segmentation and potentially discover or interact with backend services, databases, or cloud metadata endpoints.

SSRF Fastgpt
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33705 MEDIUM PATCH This Month

Chamilo LMS versions prior to 1.11.38 expose Twig template files (.tpl) in the /main/template/default/ directory to unauthenticated HTTP GET requests, allowing remote attackers to disclose internal application logic, variable names, AJAX endpoint URLs, and admin panel structure without authentication. This information disclosure vulnerability has a CVSS score of 5.3 with confirmed patch availability in version 1.11.38.

Information Disclosure Chamilo Lms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-35620 MEDIUM PATCH This Month

OpenClaw before version 2026.3.24 fails to enforce authorization checks in the /send and /allowlist chat command handlers, allowing authenticated users with operator.write scope to bypass owner-only restrictions and modify session delivery policies and allowlist configurations. Attackers can persistently alter sendPolicy settings and add entries to allowlists without proper admin authorization, resulting in integrity and availability impacts within the affected session.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33457 MEDIUM PATCH This Month

Livestatus command injection in Checkmk prediction graph page allows authenticated users to execute arbitrary Livestatus commands by injecting malicious service name parameters due to insufficient input sanitization. Affected versions include Checkmk 2.3.0 before p47, 2.4.0 before p26, and 2.5.0 before b4. The vulnerability requires valid authentication credentials to exploit and results in limited confidentiality, integrity, and availability impact within the Livestatus subsystem.

Code Injection Checkmk
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33455 MEDIUM PATCH This Month

Livestatus injection in Checkmk's monitoring quicksearch function allows authenticated attackers to inject arbitrary livestatus commands through insufficiently sanitized search query parameters in versions prior to 2.5.0b4. The vulnerability requires valid authentication credentials and enables low-impact information disclosure and limited integrity/availability changes within the monitoring system. No public exploit code or active exploitation has been reported at time of analysis.

Code Injection Checkmk
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-39921 MEDIUM PATCH This Month

Server-side request forgery in GeoNode 4.0-4.4.4 and 5.0-5.0.1 allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by supplying a malicious URL via the doc_url parameter, enabling attacks against internal network resources, loopback addresses, RFC1918 networks, and cloud metadata services without SSRF mitigations. CVSS 5.3 reflects low confidentiality and integrity impact but requires prior authentication; no public exploit code or active exploitation has been identified.

SSRF Geonode
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33737 MEDIUM PATCH This Month

Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 allow authenticated attackers to read arbitrary server files through XML External Entity (XXE) injection via improper use of simplexml_load_string() with the LIBXML_NOENT flag enabled across multiple application files. The vulnerability requires low-privilege authentication and medium attack complexity but grants high confidentiality impact with no integrity or availability impact; no public exploit code or active exploitation has been identified at the time of analysis.

XXE Chamilo Lms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-35651 MEDIUM PATCH This Month

OpenClaw versions 2026.2.13 through 2026.3.24 allow unauthenticated remote attackers to inject ANSI escape sequences into approval prompts and permission logs via malicious tool metadata, enabling spoofing of terminal output and manipulation of displayed information. The vulnerability requires user interaction (display of the approval prompt) and results in integrity impact only, with a CVSS score of 4.3. A vendor patch is available.

Code Injection Openclaw
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-35662 MEDIUM PATCH This Month

OpenClaw before version 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing authenticated leaf subagents to bypass access control and message child sessions beyond their authorized scope. An authenticated attacker with subagent privileges can exploit this via the send action to communicate with restricted child sessions without proper validation, resulting in unauthorized inter-session message relay. No public exploit code has been identified, but the vulnerability has a moderate CVSS score of 4.3 reflecting the integrity impact and low attack complexity.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-35619 MEDIUM PATCH This Month

OpenClaw before version 2026.3.24 allows authenticated operators with only operator.approvals scope to enumerate sensitive gateway model metadata via the HTTP /v1/models endpoint, bypassing stricter WebSocket RPC authorization controls. Attackers with limited operator privileges can access information that should be restricted to higher-privilege read scopes, resulting in unauthorized information disclosure.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-22560 MEDIUM PATCH This Month

Open redirect vulnerability in Rocket.Chat SAML endpoint allows unauthenticated remote attackers to redirect users to arbitrary URLs by manipulating endpoint parameters, potentially enabling phishing attacks or credential theft. Affected versions prior to 8.4.0; patch available. EPSS score of 0.02% (4th percentile) indicates low real-world exploitation probability despite network-accessible attack vector.

Open Redirect
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33456 MEDIUM PATCH This Month

Livestatus injection in Checkmk's notification test mode allows authenticated users with high privileges to inject arbitrary Livestatus commands via crafted service descriptions in versions prior to 2.5.0b4 and 2.4.0p26. The vulnerability has a CVSS score of 5.1 with limited confidentiality and integrity impact, requiring high-privilege authentication. No public exploit code or active exploitation has been confirmed at time of analysis.

Code Injection Checkmk
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-35659 MEDIUM PATCH This Month

OpenClaw before version 2026.3.22 accepts unresolved Bonjour and DNS-SD service discovery metadata to influence CLI routing decisions, allowing attackers on adjacent networks to redirect traffic to attacker-controlled targets through malicious TXT records. The vulnerability requires user interaction and adjacent network access but can cause information disclosure and integrity compromise without authentication.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy