Skip to main content
CVE-2026-6815 MEDIUM POC This Month

Path traversal in Casdoor's Local File System storage provider allows authenticated administrators to write arbitrary files to the filesystem by bypassing path sanitization in the storage sandbox. An attacker with administrative privileges can exploit insufficient input validation to create or overwrite files anywhere on the host system. EPSS score of 0.03% indicates minimal real-world exploitation probability despite the moderate CVSS 5.9 score, suggesting the vulnerability requires both authenticated access and administrative privileges that significantly limit practical attack surface.

Path Traversal Casdoor
NVD Exploit-DB VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-8305 MEDIUM POC PATCH This Month

Authentication bypass in OpenClaw's BlueBubbles webhook handler allows remote attackers to send crafted webhook requests without credentials. The handleBlueBubblesWebhookRequest function in extensions/bluebubbles/src/monitor.ts incorrectly exempts localhost requests from authentication, enabling IP spoofing attacks to bypass security controls. Exploit code is publicly available on GitHub. Patch released in version 2026.2.12 (commit a6653be). CVSS 7.3 reflects network-accessible unauthenticated attack with low complexity affecting confidentiality, integrity, and availability.

Authentication Bypass Openclaw
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.2%
CVE-2026-8321 MEDIUM POC This Month

Authentication bypass in Inkeep Agents 0.58.14 allows remote unauthenticated attackers to circumvent authentication controls via alternate channel manipulation in the runAuth middleware. The vulnerability exists in the createDevContext function of agents-api/src/middleware/runAuth.ts, enabling unauthorized access to protected resources with low impact to confidentiality, integrity, and availability. Publicly available exploit code exists (GitHub issue #3024), and the vendor has not yet responded to the vulnerability report, meaning no patch is currently available.

Authentication Bypass Agents
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-8319 MEDIUM POC This Month

Denial of service in aiwaves-cn agents up to commit e8c4e3c2d19739d3dff59e577d1c97090cc15f59 allows remote unauthenticated attackers to exhaust server resources via the recall_relevant_memories_to_working_memory function in cheshire_cat_core component, causing service unavailability. Publicly available exploit code exists (CWE-400: Uncontrolled Resource Consumption). With an CVSS score of 5.3 and EPSS exploitation probability rated 'P', this represents a moderate-severity availability threat suitable for prioritization in resource-constrained environments.

Denial Of Service Agents
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8318 MEDIUM POC This Month

VectifyAI PageIndex up to commit f50e52975313c6716c02b20a119577a1929decba allows remote unauthenticated denial-of-service attacks through an infinite loop vulnerability in the PDF Table of Contents handler. The toc_transformer function in pageindex/page_index.py can be triggered remotely without authentication, causing the application to hang and become unresponsive. Public exploit code is available, increasing real-world attack likelihood.

Denial Of Service Pageindex
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-43638 MEDIUM POC PATCH This Month

Bitwarden Server prior to v2026.4.1 allows any authenticated user to write ciphers (encrypted credentials) into arbitrary organizations via the POST /ciphers/import-organization endpoint by submitting an empty collections array, bypassing authorization checks. This missing authorization vulnerability (CWE-862) affects all authenticated users regardless of organization membership, enabling them to inject malicious credentials or pivot across organizations. Publicly available exploit code exists, and the vendor has released patched version 2026.4.1.

Authentication Bypass Server
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-42888 MEDIUM PATCH This Month

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This vulnerability is fixed in 2.32.2.

Path Traversal Audiobookshelf
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-42871 MEDIUM PATCH This Month

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiar_docfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping the backend infrastructure and expanding the attack surface. This vulnerability is fixed in 3.7.0.

PHP Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-7820 MEDIUM PATCH This Month

pgAdmin 4 before version 9.15 allows unauthenticated attackers to bypass account lockout and perform unbounded password-guessing attacks against INTERNAL authentication accounts by exploiting Flask-Security's default /login endpoint, which does not enforce the locked column that the custom /authenticate/login view relies on for brute-force protection. The vulnerability affects only accounts using pgAdmin's INTERNAL authentication source; LDAP, OAuth2, Kerberos, and Webserver authentication methods are not vulnerable because they do not use local passwords.

Authentication Bypass Python
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34962 MEDIUM PATCH This Month

barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a crafted directory entry containing a direntlen value of 0 to cause an infinite loop during directory listing or path resolution, resulting in the boot process hanging indefinitely.

Denial Of Service Barebox
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34961 MEDIUM PATCH This Month

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigger heap out-of-bounds reads during boot-time filesystem parsing, potentially redirecting reads to arbitrary disk offsets.

Information Disclosure Buffer Overflow Barebox
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-45222 MEDIUM PATCH This Month

Summarize versions through 0.14.1 create daemon configuration files with world-readable permissions, allowing local attackers with user-level access to read bearer tokens and API credentials from ~/.summarize/daemon.json. The vulnerability enables unauthorized daemon access or recovery of sensitive provider API keys through insecure file permissions on Unix-like systems.

Authentication Bypass Summarize
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-45026 MEDIUM PATCH This Month

Stored Cross-Site Scripting in WeGIA versions prior to 3.7.3 allows authenticated high-privilege users to inject malicious JavaScript into the Processo de Aceitação page that executes when any user accesses the vulnerable endpoint, enabling session hijacking and account takeover. The vulnerability is confined to high-privilege authenticated access (PR:H) with no user interaction required on the victim side, though scope is changed (S:C) indicating cross-context impact. No public exploit code or active exploitation has been identified.

XSS PHP
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-45025 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in WeGIA versions prior to 3.7.3 allows authenticated high-privilege users to inject malicious JavaScript into the Etapas de um Processo page, which executes when other users access the page, enabling session hijacking and account takeover. The vulnerability requires high-privilege authentication (PR:H) but affects all users who subsequently visit the injected page, with no public exploit identified at time of analysis.

XSS PHP
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-43911 MEDIUM PATCH This Month

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's security_stamp is rotated by some security-sensitive operations (password change, KDF change, key rotation, email change, org admin password reset, emergency access takeover). This allows an attacker holding a previously obtained refresh token to maintain session access even after the user has taken action to secure their account. This vulnerability is fixed in 1.35.5.

Information Disclosure Vaultwarden
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-45224 MEDIUM PATCH This Month

Path traversal in Crabbox <0.9.0 allows local attackers to delete or overwrite arbitrary files via malicious .crabbox.yaml configuration. When a user executes Crabbox commands with a crafted workspace configuration containing directory traversal sequences (e.g., '../../../'), the Islo provider performs rm -rf and mkdir -p on attacker-controlled paths outside /workspace. Patch available in v0.9.0 (commit 6b07193). No KEV listing or public POC identified, but exploitation requires only user interaction (opening/running a malicious project), not authentication or special privileges.

Path Traversal Crabbox
NVD GitHub
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-42866 MEDIUM PATCH This Month

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's write_txt, write_csv, write_json, and (commented-but-shipping) scan_file helpers open their output as open(f"{user}.<ext>"), where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A username that contains path-separator sequences (.., /, \, or an absolute path) causes tookie-osint to write the scan output to an arbitrary path the invoking user has write permission for. This vulnerability is fixed in 4.1fix.

Path Traversal Tookie Osint
NVD GitHub VulDB
CVSS 4.0
6.7
EPSS
0.0%
CVE-2026-26946 MEDIUM PATCH This Month

Improper privilege management in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.3.0.0 allows high-privileged local attackers to escalate privileges and gain full system access, affecting confidentiality, integrity, and availability. No public exploit code or active exploitation has been identified at the time of analysis.

Dell Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-31246 MEDIUM This Month

GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper validation. The user-supplied input is directly passed to asyncio.create_subprocess_shell() for execution. This allows an attacker to replace the intended command with arbitrary shell commands, leading to remote code execution with the privileges of the GPT-Pilot process.

Command Injection RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-43889 MEDIUM PATCH This Month

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each-skipping the "share" permission check. A subsequent shares.update authorizes publication using an OR policy (can share collection OR can share document), so an attacker who holds share permission on one unrelated collection can publish a share that exposes an arbitrary document they cannot legitimately share, making it publicly accessible to unauthenticated users. This vulnerability is fixed in 1.7.0.

Authentication Bypass Outline
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-44353 MEDIUM PATCH GHSA This Month

Streamlink versions 8.3.0 and earlier allow arbitrary local file read via unvalidated URI schemes in HLS and DASH parsers. A remote attacker hosting a malicious `.m3u8` or `.mpd` manifest can trick streamlink clients into reading local files (such as SSH keys, AWS credentials, or `/etc/passwd`) and writing their contents to the output stream. Requires user interaction (clicking/running streamlink against attacker-controlled playlist), but no authentication needed. CVSS 6.5 reflects the information disclosure risk; affected deployments with automated processing or cloud sync pose material exfiltration risk.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28920 MEDIUM PATCH This Month

Information leakage in Apple operating systems allows remote attackers to extract sensitive data by crafting and hosting malicious websites that users visit. The vulnerability affects iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. Exploitation requires user interaction (UI:R) to visit a malicious website but does not require authentication, with an EPSS score of 0.03 percent indicating low real-world exploitation probability despite the information disclosure impact.

Apple Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28903 MEDIUM PATCH This Month

Memory corruption in Apple's WebKit web content processing engine causes an unexpected process crash (denial-of-service) across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS when a victim processes attacker-controlled web content. The CVSS vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H confirms network-reachable, unauthenticated exploitation limited to availability impact within the affected process - no code execution or data exfiltration is indicated. No public exploit code has been identified at time of analysis, and EPSS scoring at 0.03% (10th percentile) combined with SSVC Exploitation status of 'none' signal low current exploitation pressure.

Apple Buffer Overflow Ios And Ipados Tvos Visionos +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42883 MEDIUM PATCH This Month

Authenticated users with download permissions in Audiobookshelf prior to 2.32.2 can download files from libraries they do not have access to by directly specifying item IDs in the GET /api/libraries/:id/download endpoint, bypassing library access controls. An attacker with valid credentials and access to any single library can exfiltrate complete file contents from restricted libraries, including those explicitly denied to them.

Authentication Bypass Audiobookshelf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-7010 MEDIUM PATCH This Month

HTTP::Tiny versions before 0.093 for Perl fail to validate carriage return and line feed (CRLF) characters in HTTP request lines and header values, allowing attackers who control input URLs or headers to inject additional HTTP headers and smuggle requests to upstream servers. Remote unauthenticated attackers can exploit this via crafted URLs passed to webhook or URL fetch endpoints, achieving limited information disclosure and integrity compromise. EPSS score of 0.03% (percentile 7%) indicates low practical exploitation probability despite network-vector accessibility.

Code Injection Http Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-44571 MEDIUM PATCH GHSA This Month

Improper authorization in Open WebUI versions up to 0.8.5 allows authenticated users to modify messages in standard channels by exploiting a read-permission check that should require write permission. The vulnerability affects the POST /api/v1/channels/{channel_id}/messages/{message_id}/update endpoint when access_control is set to None, enabling message tampering without ownership verification. Patch available in version 0.8.6.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28956 MEDIUM PATCH This Month

Memory corruption in Apple operating systems allows remote attackers to trigger unexpected app termination or corrupt process memory by delivering a maliciously crafted media file to users, requiring user interaction to open the file. Affects iOS/iPadOS 26.4 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. No public exploit identified at time of analysis; vendor-released patches are available across all affected platforms.

Apple Information Disclosure Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28972 MEDIUM PATCH This Month

Out-of-bounds write in Apple operating systems allows network-based unauthenticated attackers to corrupt kernel memory or cause denial of service without user interaction. The vulnerability affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions. Apple has released patches for all affected platforms, though the extremely low EPSS score (0.02%) suggests real-world exploitation risk is minimal despite the network attack vector.

Apple Memory Corruption Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42316 MEDIUM PATCH This Month

KQL injection in kafka-sink-azure-kusto Kafka Connect plugin prior to 5.2.3 allows authenticated administrators with Kafka Connect configuration permissions to inject arbitrary KQL management commands by embedding metacharacters in the kusto.tables.topics.mapping configuration fields (db, table, mapping, format). An attacker with connector configuration privileges could enumerate or modify schemas, tamper with ingestion mappings, or alter streaming and retention policies on the target Azure Data Explorer database using the connector's service principal credentials. The vulnerability is fixed in version 5.2.3 and has not been observed in active exploitation at the time of this analysis.

Microsoft Information Disclosure Nosql Injection
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28918 MEDIUM PATCH This Month

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Parsing a maliciously crafted file may lead to an unexpected app termination.

Apple Information Disclosure Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28946 MEDIUM PATCH This Month

Denial of service in Apple macOS prior to version 26.5 allows remote attackers to crash Safari via maliciously crafted web content that triggers a use-after-free memory condition. The vulnerability requires user interaction (opening a malicious webpage) but no authentication, affecting all macOS versions before 26.5. EPSS exploitation probability is very low at 0.02%, suggesting limited real-world attack incentive despite the crash capability.

Denial Of Service Apple Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28902 MEDIUM PATCH This Month

Web content processing across all major Apple platforms is vulnerable to a memory mismanagement flaw (CWE-119) that causes an unexpected process crash when a user visits or renders attacker-controlled web content. Affected platforms include iOS/iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS - all versions prior to the 26.5 release line. The impact is limited to availability (A:H), with no confidentiality or integrity exposure per the CVSS vector, and no active exploitation is confirmed - EPSS sits at 0.02% (5th percentile) and SSVC rates exploitation as none, making this a moderate-priority patch rather than an emergency response item.

Apple Buffer Overflow Ios And Ipados Tvos Visionos +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28922 MEDIUM PATCH This Month

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information.

Apple Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-41018 MEDIUM PATCH This Month

Apache Airflow Elasticsearch provider writes embedded credentials from the `[elasticsearch] host` configuration URL directly into task logs, allowing any user with task-log read permissions to harvest backend authentication credentials. The vulnerability affects Apache Airflow Providers Elasticsearch versions before 6.5.3 and has been patched by stripping userinfo from the host URL before logging. EPSS exploitation probability is low (0.02%, percentile 4%), indicating limited real-world exploitation despite the sensitive nature of credential exposure.

Apache Elastic Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-43826 MEDIUM PATCH This Month

Apache Airflow Providers OpenSearch versions before 1.9.1 leak backend credentials in task logs when the OpenSearch connection host URL embeds credentials in the format `https://user:password@server:9200`. Any user with task-log read permission can extract these credentials from log output. The vulnerability is confirmed patched in version 1.9.1 and later, with an EPSS score of 0.02% indicating low real-world exploitation probability despite the moderate CVSS score.

Apache Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28942 MEDIUM PATCH This Month

Safari on Apple platforms crashes when processing maliciously crafted web content due to a use-after-free vulnerability in memory management, resulting in denial of service. Affects iOS and iPadOS below 26.5, macOS Tahoe below 26.5, tvOS below 26.5, visionOS below 26.5, and watchOS below 26.5. Exploitation requires user interaction to visit a malicious webpage but does not allow code execution or information disclosure.

Denial Of Service Apple Use After Free Memory Corruption Ios And Ipados +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5084 MEDIUM This Month

WebDyne::Session versions through 2.075 for Perl generate cryptographically weak session identifiers using MD5 hashing seeded with Perl's predictable rand() function, allowing attackers to forge valid session IDs and gain unauthorized access to systems. The vulnerability affects all versions from 0 through 2.075 and stems from reliance on a 32-bit-seeded random number generator unsuitable for cryptographic purposes, making session hijacking feasible without authentication.

Information Disclosure Webdyne
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42870 MEDIUM PATCH This Month

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving the profile, the script becomes persistently stored. The payload is subsequently executed whenever the profile page is accessed. This vulnerability is fixed in 3.7.0.

XSS PHP
NVD GitHub
CVSS 4.0
6.4
EPSS
0.0%
CVE-2025-9973 MEDIUM PATCH This Month

WSO2 Identity Server in multi-organization deployments fails to validate organization context during adaptive authentication flow execution, allowing privileged users in one organization to trigger authentication logic on other organizations. An attacker with adaptive authentication configuration privileges can exploit this context validation gap to bypass authorization boundaries, escalate privileges, and gain unauthorized access to user accounts and resources across organizational boundaries.

Authentication Bypass Privilege Escalation Wso2 Identity Server Conditional Authentication User And Roles Related Functions
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-41257 MEDIUM PATCH This Month

Integer overflow in jq's bytecode VM data stack allocation tracking allows local attackers to corrupt heap memory and achieve arbitrary code execution or denial of service by crafting deeply nested JSON generator expressions that exceed ~1 GiB stack size. Affected versions: jq 1.8.1 and earlier. The vulnerability requires local file access and user interaction to trigger malicious jq expressions, but carries high impact potential due to memory corruption exploitability.

Integer Overflow Buffer Overflow Red Hat
NVD GitHub VulDB
CVSS 4.0
6.4
EPSS
0.0%
CVE-2026-44994 MEDIUM PATCH This Month

Authentication bypass in OpenClaw before version 2026.4.22 allows unauthenticated attackers to read sensitive bootstrap and configuration metadata from the Control UI config endpoint when Gateway authentication is enabled. The vulnerability exposes internal bootstrap information and configuration fields intended only for authenticated Control UI sessions via an unprotected HTTP GET request to the `/__openclaw/control-ui-config.json` endpoint, with no user interaction required.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-43968 MEDIUM PATCH This Month

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefix_lines/2 function used for data and comment fields splits only on \n. Because the SSE specification requires decoders to treat \r\n, \r, and \n as equivalent line terminators, an attacker who controls any of these fields can inject additional SSE lines and forge a complete event with an arbitrary event type and data payload on the receiving end. In typical deployments where browser EventSource clients or other SSE consumers dispatch on event.type and render event.data, this enables event splitting, client-side logic manipulation, and stored-XSS-equivalent behaviour when event data is inserted into the DOM. This issue affects cowlib from 2.6.0.

XSS Cowlib
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-7210 MEDIUM PATCH This Month

XML parsers in CPython's xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flooding protection, allowing crafted XML documents to trigger algorithmic complexity attacks (hash flooding) that degrade parser performance. Remote attackers can exploit this with complex XML payloads to cause denial of service. Mitigation requires both updating libexpat to 2.8.0 or later and applying the CPython patch, as confirmed by Python Software Foundation security advisory.

Information Disclosure Cpython
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-44996 MEDIUM PATCH This Month

OpenClaw before version 2026.4.15 allows arbitrary local file read via the webchat audio embedding helper, which fails to enforce local media root containment checks. Attackers who can influence agent or tool-produced ReplyPayload.mediaUrl parameters can resolve absolute local paths or file:// URLs, read audio-like files, and embed them base64-encoded into webchat responses. The vulnerability is narrow in scope-files must be readable by the gateway process, have audio-like extensions, and fit within the webchat audio size cap-but crosses the security boundary between model/tool output and host filesystem access. No public exploit code or active exploitation has been identified, though the vulnerability is confirmed by vendor advisory.

Path Traversal Openclaw
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-65416 MEDIUM This Month

docuFORM Managed Print Service Client 11.11c allows authenticated remote attackers to upload arbitrary files via the pmupdate.php endpoint, enabling potential remote code execution or system compromise. The vulnerability requires valid user credentials (PR:L per CVSS) but no user interaction, and affects confidentiality, integrity, and availability. No public exploit code or active exploitation has been confirmed at time of analysis.

PHP File Upload
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-8325 MEDIUM PATCH This Month

Role-based access control bypass in WSO2 API Manager 3.x allows authenticated users with the 'Internal/Everyone' role to invoke Gateway and Internal Service APIs without proper permission enforcement, enabling unauthorized operations on sensitive REST API endpoints. The vulnerability affects multiple WSO2 products including API Control Plane, Universal Gateway, and Traffic Manager. CVSS 6.3 (network-accessible, low complexity, requires valid user credentials) indicates moderate severity with clear lateral privilege escalation potential in multi-tenant environments.

Information Disclosure Wso2 Api Control Plane Wso2 Universal Gateway Wso2 Traffic Manager Wso2 Api Manager +2
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-45002 MEDIUM PATCH This Month

OpenClaw before 2026.4.20 allows attackers to bypass the hooks.allowRequestSessionKey opt-in restriction via template-rendered session keys in hook mappings, circumventing webhook routing isolation controls. The vulnerability enables externally influenced session keys to be rendered through templated hook mappings even when the opt-in is disabled, affecting webhook routing isolation but not enabling host execution. Vendor-released patch available (version 2026.4.20); no public exploit code identified at time of analysis.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-44999 MEDIUM PATCH This Month

OpenClaw before version 2026.4.20 fails to preserve untrusted labels on webhook-triggered cron agent output, allowing events to be recorded as trusted system events instead of untrusted events. This trust-labeling issue can strengthen prompt-injection attacks by rendering attacker-controlled webhook data as legitimate system events, though it does not directly bypass authentication, tool policy, or sandboxing controls.

Code Injection Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-28897 MEDIUM PATCH This Month

Buffer overflow in Apple operating systems allows local unauthenticated users to cause unexpected system termination or read kernel memory without requiring user interaction. The vulnerability affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions, with exploitation limited to local access. Vendor-released patches are available for all affected platforms, and EPSS scoring of 0.03% indicates exploitation remains unlikely despite the local attack vector.

Stack Overflow Apple Buffer Overflow
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28977 MEDIUM PATCH This Month

Improper bounds checking in Apple operating systems allows processing of maliciously crafted files to cause unexpected application termination (denial of service) on iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability affects multiple major OS versions and requires local file processing without user interaction, but has extremely low real-world exploitation probability (EPSS 0.02%) despite moderate CVSS score.

Apple Buffer Overflow
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy