Skip to main content

Microsoft

17290 CVEs vendor

Monthly

CVE-2024-49048 PyPI HIGH PATCH GHSA This Week

### Impact TorchGeo 0.4-0.6.0 used an [`eval`](https://docs.python.org/3/library/functions.html#eval) statement in its model weight API that could allow an unauthenticated, remote attacker to execute. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Python
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2026-27124 PyPI HIGH PATCH GHSA This Week

FastMCP OAuthProxy allows authentication bypass through a Confused Deputy attack, enabling attackers to hijack victim OAuth sessions and gain unauthorized access to MCP servers. When victims who previously authorized a legitimate MCP client are tricked into opening a malicious authorization URL, the OAuthProxy fails to validate browser-bound consent, redirecting valid authorization codes to attacker-controlled clients. This affects the GitHubProvider integration and potentially all OAuth providers that skip consent prompts for previously authorized applications. No public exploit identified at time of analysis, though detailed reproduction steps are publicly documented in the GitHub security advisory.

Authentication Bypass Microsoft
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-64340 PyPI MEDIUM PATCH GHSA This Month

Command injection in fastmcp install allows Windows users to execute arbitrary commands via shell metacharacters in server names. When installing a server with a name containing characters like `&` (e.g., `fastmcp install claude-code` with server name `test&calc`), the metacharacter is interpreted by cmd.exe during execution of .cmd wrapper scripts, leading to arbitrary command execution with user privileges. This affects Windows systems running claude or gemini CLI installations; macOS and Linux are unaffected. A patch is available via GitHub PR #3522.

Python Command Injection Apple Microsoft
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-34401 MEDIUM PATCH This Month

XML Notepad versions prior to 2.9.0.21 allow remote attackers to leak local file contents or capture NTLM credentials via crafted XML files with malicious DTDs, exploiting disabled-by-default DTD processing that automatically resolves external entities. The vulnerability requires user interaction (opening a malicious XML file) but poses significant confidentiality risk on Windows systems where NTLM credential interception is feasible. Microsoft released patched version 2.9.0.21 to address this XXE (XML External Entity) issue.

Microsoft XXE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-2123 HIGH This Week

Privilege escalation in OpenText Operations Agent versions 12.29 and earlier on Windows allows local attackers to execute arbitrary code by placing malicious executables in specific writeable directories, which the agent subsequently executes with elevated privileges. The vulnerability requires local access and specific conditions to be present but does not require prior authentication to the agent itself. No public exploit code has been identified, and there is no confirmation of active exploitation at time of analysis.

Microsoft Privilege Escalation
NVD VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-5087 HIGH This Week

PAGI::Middleware::Session::Store::Cookie through version 0.001003 generates cryptographically weak initialization vectors (IVs) for session cookie encryption by falling back to Perl's built-in rand() function when /dev/urandom is unavailable, particularly affecting Windows systems. This predictable IV generation enables attackers to decrypt and tamper with session data stored in cookies, compromising session confidentiality and integrity. No active exploitation has been confirmed, but the vulnerability affects all deployments on systems lacking /dev/urandom access.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22561 MEDIUM PATCH This Month

DLL search-order hijacking in Anthropic Claude for Windows installer (Claude Setup.exe) versions before 1.1.3363 enables local privilege escalation to system context. An attacker with low privileges and physical or local access can plant a malicious DLL (such as profapi.dll) in the installer directory; when an elevated user runs the installer, the uncontrolled search path causes the malicious DLL to be loaded and executed with system privileges, achieving arbitrary code execution. No public exploit code or active exploitation has been confirmed at the time of analysis.

Privilege Escalation RCE Microsoft
NVD
CVSS 4.0
4.7
EPSS
0.0%
CVE-2026-22569 MEDIUM PATCH This Month

Zscaler Client Connector on Windows contains an incorrect startup configuration that permits limited traffic to bypass inspection under rare circumstances, resulting in potential information disclosure and integrity compromise. The vulnerability affects all versions of the product and requires user interaction to exploit, with a CVSS score of 5.4 reflecting the combination of network-based attack vector, low complexity, and low impact on confidentiality and integrity. No evidence of active exploitation or public exploit code has been identified.

Information Disclosure Microsoft
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34509 LOW PATCH Monitor

Authorization bypass in OpenClaw's Microsoft Teams plugin allows unauthenticated remote attackers to circumvent sender allowlists and trigger replies in restricted Teams routes. Affecting OpenClaw versions before 2026.3.8, the flaw manifests when team/channel route allowlists contain empty groupAllowFrom parameters, causing the message handler to synthesize wildcard sender authorization instead of enforcing intended restrictions. No public exploit identified at time of analysis, though CVSS 7.5 reflects network-accessible exploitation with low complexity requiring no authentication. Vendor-released patch available in version 2026.3.8 with upstream commit 88aee916.

Authentication Bypass Microsoft
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-34506 npm LOW PATCH Monitor

Authorization bypass in OpenClaw Microsoft Teams plugin (versions before 2026.3.8) permits unauthenticated attackers to circumvent sender allowlists when team/channel routes are configured with empty groupAllowFrom parameters. Remote attackers can exploit this network-accessible flaw with low complexity to trigger unauthorized message replies and access sensitive information in allowlisted Teams routes. EPSS and KEV data not available for this recent CVE; no public exploit identified at time of analysis.

Microsoft Authentication Bypass
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-34054 HIGH PATCH This Week

Local privilege escalation via hardcoded build path in vcpkg's OpenSSL binaries affects Windows users of the C/C++ package manager prior to version 3.6.1#3. The vulnerability allows authenticated local attackers with low privileges to achieve high confidentiality, integrity, and availability impact (CVSS 7.8) by exploiting the hardcoded openssldir path that references the original build machine. Upstream fix available (PR #50518, commit 5111afd); patched version 3.6.1#3 released. No public exploit identified at time of analysis, with EPSS data not available for this recent CVE.

OpenSSL Microsoft Information Disclosure
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-30309 HIGH This Week

InfCode's terminal auto-execution module fails to properly validate PowerShell commands due to an ineffective blacklist and lack of semantic parsing, allowing attackers to bypass command filtering through syntax obfuscation. When a user imports a specially crafted file into the IDE, the Agent executes arbitrary PowerShell commands without user confirmation, leading to remote code execution or sensitive data exfiltration. No public exploit code or active exploitation has been confirmed at time of analysis.

Command Injection Information Disclosure Microsoft
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-3991 HIGH This Week

Elevation of privilege in Symantec Data Loss Prevention Windows Endpoint allows authenticated local users to gain SYSTEM-level access and compromise protected resources. Affects all versions prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15. CVSS 7.8 (High) reflects the local attack vector but complete system compromise upon successful exploitation. No public exploit identified at time of analysis, though the CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) classification suggests potential DLL hijacking or similar trust boundary violations.

Information Disclosure Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34360 Maven MEDIUM PATCH GHSA This Month

Server-side request forgery (SSRF) in FHIR Validator HTTP service allows unauthenticated remote attackers to probe internal network services and cloud metadata endpoints via the /loadIG endpoint, which accepts arbitrary URLs without hostname or domain validation. The vulnerability defaults to allowing all outbound requests, and redirect following bypasses even configured domain restrictions. With the explore=true default setting, each request amplifies reconnaissance capability through multiple outbound HTTP calls, enabling blind network topology mapping and metadata service access.

SSRF Java Microsoft
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-33990 Go MEDIUM PATCH GHSA This Month

Server-side request forgery in Docker Model Runner allows unprivileged containers or malicious OCI registries to make arbitrary GET requests to internal services by exploiting unvalidated realm URLs in the OCI registry token exchange flow. Affected versions prior to 1.1.25 (Docker Desktop prior to 4.67.0) permit attackers to access host-local services and reflect response bodies back to the caller, potentially exfiltrating sensitive data from internal endpoints. No public exploit code or active exploitation has been reported at time of analysis.

Docker SSRF Microsoft Suse
NVD GitHub
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-33949 npm HIGH PATCH GHSA This Week

Path traversal in TinaCMS GraphQL (@tinacms/graphql) enables unauthenticated remote attackers to write and overwrite arbitrary files within the project root, including critical configuration files like package.json and build scripts. The vulnerability stems from platform-specific path validation failures that treat backslash characters differently on Unix-based systems, allowing traversal sequences like 'x\..\..\..\package.json' to bypass security checks. With a CVSS score of 8.1 and publicly available exploit code demonstrating the attack, this represents a critical security risk for TinaCMS deployments, particularly those exposed to untrusted networks. No CISA KEV listing exists, but the proof-of-concept demonstrates clear exploitation paths to arbitrary code execution via build script modification.

Path Traversal RCE Microsoft
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-34204 Go HIGH GHSA This Week

Authentication bypass in MinIO allows any authenticated user with s3:PutObject permission to permanently corrupt objects by injecting fake server-side encryption metadata via crafted X-Minio-Replication-* headers. Attackers can selectively render individual objects or entire buckets permanently unreadable through the S3 API without requiring elevated ReplicateObjectAction permissions. Affects all MinIO releases from RELEASE.2024-03-30T09-41-56Z through the final open-source release. Vendor-released patch available in MinIO AIStor RELEASE.2026-03-26T21-24-40Z. No public exploit identified at time of analysis, though the attack mechanism is well-documented in the advisory.

Docker Microsoft Apple Authentication Bypass Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-32187 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) contains a defense-in-depth vulnerability affecting all versions that allows remote attackers to disclose sensitive information and modify data through a network-based attack requiring user interaction. The vulnerability carries a CVSS score of 4.2 (low severity) with high attack complexity, indicating limited real-world exploitability despite dual confidentiality and integrity impacts. A vendor-released patch is available from Microsoft.

Microsoft Google XSS
NVD VulDB
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-34070 PyPI HIGH PATCH GHSA This Week

A path traversal vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Python Path Traversal Docker Kubernetes Microsoft
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-34391 MEDIUM PATCH This Month

Fleet device management software versions prior to 4.81.1 allow malicious enrolled Windows devices to access Mobile Device Management (MDM) commands intended for other devices, potentially disclosing sensitive configuration data including WiFi credentials, VPN secrets, and certificate payloads across the entire Windows fleet. The vulnerability stems from improper authorization controls in Windows MDM command processing, affecting any organization using Fleet for Windows device management. Vendor-released patch: version 4.81.1.

Microsoft Information Disclosure
NVD GitHub
CVSS 4.0
6.6
EPSS
0.0%
CVE-2026-33980 PyPI HIGH PATCH GHSA This Week

KQL injection in adx-mcp-server Python package allows authenticated attackers to execute arbitrary Kusto queries against Azure Data Explorer clusters. Three MCP tool handlers (get_table_schema, sample_table_data, get_table_details) unsafely interpolate the table_name parameter into query strings via f-strings, enabling data exfiltration from arbitrary tables, execution of management commands, and potential table drops. Vendor-released patch available (commit 0abe0ee). No public exploit identified at time of analysis, though proof-of-concept code exists in the security advisory demonstrating injection via comment-based bypass and newline-separated commands. Affects adx-mcp-server ≤ commit 48b2933.

Microsoft RCE Nosql Injection Python
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-34387 MEDIUM PATCH This Month

Fleet device management software versions prior to 4.81.1 are vulnerable to command injection in the software installer pipeline, enabling remote attackers with high privileges to achieve arbitrary code execution as root on macOS/Linux or SYSTEM on Windows when triggering uninstall operations on crafted software packages. The vulnerability requires high privileges and user interaction but delivers complete system compromise on affected managed hosts. No public exploit code or active exploitation has been identified at time of analysis.

RCE Command Injection Apple Microsoft
NVD GitHub
CVSS 4.0
5.7
EPSS
0.3%
CVE-2026-33992 PyPI CRITICAL PATCH GHSA Act Now

PyLoad download manager (version 0.5.0 and potentially earlier, distributed via pip as pyload-ng) allows authenticated users to perform Server-Side Request Forgery attacks by submitting arbitrary URLs through the /api/addPackage endpoint without validation. Attackers with valid credentials can exfiltrate cloud provider metadata from AWS EC2, DigitalOcean, Google Cloud, and Azure instances, exposing IAM credentials, SSH keys, API tokens, and internal network topology. A proof-of-concept demonstration is documented with live instance credentials, and upstream fix available (PR/commit); released patched version not independently confirmed based on GitHub commit reference b76b6d4ee5e32d2118d26afdee1d0a9e57d4bfe8.

SSRF Microsoft Python Google
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-11604 HIGH This Week

Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-33755 HIGH PATCH This Week

Authenticated SQL injection in Group-Office's JMAP Contact/query endpoint allows any user with basic addressbook permissions to extract database contents, including active session tokens, enabling full account takeover of any user including System Administrators. Affects Group-Office versions before 6.8.158, 25.0.92, and 26.0.17. EPSS exploitation probability is low (0.03%, 9th percentile) with no public exploit or active exploitation confirmed. Despite 8.8 CVSS score, real-world risk depends heavily on whether attackers can obtain valid low-privilege credentials first.

SQLi Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-13478 HIGH This Week

OpenText Identity Manager versions up to 25.2 (v4.10.1) suffer from insecure cache handling that permits remote authenticated users to retrieve another user's session data, resulting in unauthorized information disclosure. An attacker with valid credentials can exploit this cache misconfiguration on both Windows and Linux deployments to access sensitive session information belonging to other authenticated users, compromising confidentiality of user sessions and potentially enabling lateral movement or privilege escalation attacks.

Information Disclosure Microsoft
NVD
CVSS 4.0
8.4
EPSS
0.2%
CVE-2026-3457 HIGH PATCH This Week

Stored cross-site scripting in Thales Sentinel LDK Runtime on Windows allows attackers with local access to inject malicious scripts that execute with high integrity impact. All versions before 10.22 are affected. The CVSS 4.0 base score of 7.0 reflects local attack vector with no privileges required and no user interaction. Proof-of-concept exploit code exists (CVSS:4.0 E:P). CISA KEV does not list this vulnerability as actively exploited at time of analysis.

XSS Microsoft
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-27855 MEDIUM PATCH This Month

Dovecot OTP authentication enables replay attacks when authentication cache is enabled and username alteration occurs in passdb, allowing attackers who observe an OTP exchange to authenticate as the targeted user. Open-XChange Dovecot Pro is affected (CPE: cpe:2.3:a:open-xchange_gmbh:ox_dovecot_pro:*:*:*:*:*:*:*:*). No public exploit identified at time of analysis, though the vulnerability requires relatively specific preconditions (enabled cache, username modification in passdb) to be exploitable. The CVSS 6.8 score reflects high confidentiality and integrity impact but requires high attack complexity and user interaction.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-30302 CRITICAL Act Now

CodeRider-Kilo's command auto-approval module fails to correctly parse Windows CMD escape sequences (^), allowing attackers to bypass its Git command whitelist and achieve arbitrary remote code execution. The vulnerability exploits a mismatch between the Unix-based shell-quote parser used for validation and the actual Windows CMD interpreter behavior, enabling attackers to inject malicious commands through crafted payloads such as git log ^" & malicious_command ^". No public exploit code or active exploitation has been confirmed at the time of analysis.

RCE Microsoft Command Injection
NVD GitHub
CVSS 3.1
10.0
EPSS
0.4%
CVE-2026-30303 CRITICAL Act Now

A command injection vulnerability in command auto-approval module in Axon Code (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

RCE Command Injection Microsoft
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-33896 npm CRITICAL PATCH Act Now

Certificate chain spoofing in node-forge (npm) <= 1.3.3 lets an attacker present any non-CA leaf certificate as a trusted intermediate CA, because pki.verifyCertificateChain() skips RFC 5280 basicConstraints enforcement when a certificate carries neither the basicConstraints nor the keyUsage extension. An attacker holding such a leaf certificate can sign certificates for arbitrary identities and have node-forge accept the forged chain, defeating authentication for any application relying on it for custom PKI, S/MIME, PKCS#7, or device-certificate validation. Rated CVSS 9.1 by the reporter and fixed in 1.4.0; publicly available exploit code exists (full PoC in the GHSA), but EPSS is only 0.02% and it is not on CISA KEV.

Microsoft Buffer Overflow OpenSSL
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-33891 npm HIGH PATCH This Week

The node-forge cryptographic library for Node.js suffers from a complete Denial of Service condition when the BigInteger.modInverse() function receives zero as input, causing an infinite loop that consumes 100% CPU and blocks the event loop indefinitely. All versions of node-forge (npm package) are affected, impacting applications that process untrusted cryptographic parameters through DSA/ECDSA signature verification or custom modular arithmetic operations. CVSS 7.5 (High severity) reflects network-reachable, unauthenticated exploitation with no user interaction required. A working proof-of-concept exists demonstrating the vulnerability triggers within 5 seconds. Vendor patch is available via GitHub commit 9bb8d67b99d17e4ebb5fd7596cd699e11f25d023.

Node.js Microsoft Apple Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33766 PHP MEDIUM PATCH This Month

PHP applications using the affected functions fail to re-validate redirect targets during HTTP requests, allowing attackers to bypass SSRF protections by chaining a legitimate public URL with a redirect to internal resources. An attacker can exploit this weakness in endpoints that fetch remote content after initial URL validation, potentially gaining access to private IP ranges and internal services. A patch is available.

SSRF PHP Microsoft
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33726 Go MEDIUM PATCH This Month

Cilium Network Policy enforcement is bypassed for traffic from pods to L7 Services with local backends on the same node when Per-Endpoint Routing is enabled and BPF Host Routing is disabled, allowing authenticated local attackers to circumvent ingress network policies and access restricted services. This affects Cilium v1.19.0-v1.19.1, v1.18.0-v1.18.7, and all versions prior to v1.17.13, with the most common vulnerable deployment being Amazon EKS with Cilium ENI mode. Vendor-released patches are available (v1.19.2, v1.18.8, v1.17.14), and no public exploit code has been identified at the time of analysis.

Microsoft Kubernetes Authentication Bypass Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2018-25212 HIGH POC This Week

Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Microsoft RCE
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-32680 HIGH This Week

RATOC RAID Monitoring Manager for Windows contains an insecure directory permissions vulnerability when the installation folder is customized to a non-default location. The installer fails to properly set access control lists (ACLs) on custom installation directories, allowing non-administrative users to modify folder contents and execute arbitrary code with SYSTEM privileges. With a CVSS 4.0 score of 8.5, this represents a high-severity local privilege escalation vulnerability affecting Windows systems where this RAID management software is installed.

Microsoft RCE Privilege Escalation
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-28760 HIGH This Week

RATOC RAID Monitoring Manager for Windows contains a DLL hijacking vulnerability in its installer that loads DLLs from the current directory without proper path validation. If an attacker can place a malicious DLL in the directory where a user runs the installer, arbitrary code can be executed with administrator privileges. The vulnerability has a CVSS score of 8.4 with local attack vector requiring user interaction, and has been publicly disclosed through JPCERT coordination with vendor advisory available.

Microsoft RCE
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-33682 PyPI MEDIUM PATCH This Month

Streamlit Open Source versions prior to 1.54.0 running on Windows contain an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the ComponentRequestHandler that improperly validates filesystem paths, allowing attackers to coerce the Streamlit server into initiating outbound SMB connections to attacker-controlled hosts. This can result in the exposure of NTLMv2 credential hashes for the Windows user running the Streamlit process, which may be subjected to offline brute-force attacks or relayed to other internal services. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog, but a patch is available from the vendor (version 1.54.0), and the attack requires network adjacency (AV:A) and is not trivial to exploit (AC:H).

SSRF Microsoft
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-30976 HIGH PATCH This Week

Sonarr, a PVR application for Usenet and BitTorrent users, contains an unauthenticated path traversal vulnerability on Windows systems that allows remote attackers to read arbitrary files accessible to the Sonarr process. Affected versions include all 4.x branch releases prior to 4.0.17.2950 (nightly/develop) or 4.0.17.2952 (stable/main). With a CVSS score of 8.6 and network-based unauthenticated access (AV:N/PR:N), this represents a significant confidentiality risk allowing attackers to extract API keys, database credentials, and sensitive system files from Windows installations.

Apple Microsoft Path Traversal
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-33693 Cargo MEDIUM PATCH This Month

A SSRF vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

SSRF Microsoft Apple
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33673 PHP HIGH PATCH This Week

PrestaShop contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the back-office (BO) administration panel. An attacker with limited back-office access or who has exploited a separate vulnerability to inject data into the database can exploit unprotected template variables to execute arbitrary JavaScript in administrators' browsers. The CVSS score of 7.7 reflects high attack complexity and the requirement for high privileges, though no evidence of active exploitation (KEV) or public proof-of-concept is currently available.

XSS Microsoft
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-20012 HIGH This Week

A denial of service vulnerability in the Internet Key Exchange (CVSS 8.6). High severity vulnerability requiring prompt remediation.

Cisco Denial Of Service Microsoft Apple
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-4761 LOW Monitor

A privilege escalation vulnerability exists in Panorama Suite where certificate private keys installed via the Network and Security tool are granted unnecessary access rights to the operator group, potentially allowing local privileged users to access sensitive cryptographic material. Panorama Suite 2025 versions up to 25.00.004 are affected unless patch PS-2500-00-0357 or higher is applied, while version 25.10.007 (Updated Dec. 25) is not vulnerable. This vulnerability has not been reported as actively exploited (no KEV status), but represents a real information disclosure risk due to improper Windows file permission assignment on security-critical objects.

Information Disclosure Microsoft
NVD VulDB
CVSS 4.0
3.3
EPSS
0.0%
CVE-2026-23330 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's NFC (Near Field Communication) NCI subsystem where pending data exchange operations are not properly completed when a device is closed, causing socket references to be held indefinitely. This affects all Linux kernel versions with the vulnerable NFC NCI code path. An attacker with local access to NFC functionality could trigger repeated device close operations to exhaust memory resources, leading to denial of service. While no CVSS score or EPSS data is currently available, the issue is being actively addressed through kernel patches as evidenced by multiple commit references.

Linux Information Disclosure Microsoft Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-26306 HIGH This Week

A DLL hijacking vulnerability exists in the installer for OM Workspace (Windows Edition) Ver 2.4 and earlier, allowing local attackers to execute arbitrary code with the privileges of the user running the installer. The vulnerability is reported by JPCERT and affects software from OM Digital Solutions Corporation. With a CVSS score of 7.8 (High), the vulnerability requires local access and user interaction but no special privileges, making it a moderate real-world risk for targeted attacks during software installation.

RCE Microsoft Windows
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-33253 HIGH This Week

A remote code execution vulnerability (CVSS 8.4). High severity vulnerability requiring prompt remediation.

RCE Microsoft Windows
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-24141 HIGH This Week

NVIDIA Model Optimizer for Windows and Linux contains an unsafe deserialization vulnerability in its ONNX quantization feature that allows attackers to execute arbitrary code by providing a malicious input file. Users who process untrusted ONNX model files are at risk of complete system compromise, including code execution, privilege escalation, data tampering, and information disclosure. There is no current evidence of active exploitation (not in CISA KEV) or public proof-of-concept availability.

Information Disclosure RCE Deserialization Microsoft Nvidia +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-33623 Go MEDIUM PATCH This Month

A command injection vulnerability (CVSS 6.7). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Google RCE Command Injection Path Traversal Microsoft +3
NVD GitHub
CVSS 3.1
6.7
EPSS
0.1%
CVE-2026-33401 HIGH PATCH This Week

Wallos, an open-source self-hostable subscription tracker, contains a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.7.0 that allows authenticated users to access internal network services, cloud metadata endpoints, and localhost-bound services. The vulnerability exists in three unprotected attack surfaces: the AI Ollama host parameter, the AI recommendations endpoint, and the notification cron job-areas that were missed when SSRF protections were partially implemented in an earlier patch (CVE-2026-30840). An attacker with valid credentials can leverage these endpoints to reach sensitive internal resources including AWS IMDSv1, GCP, and Azure metadata services.

SSRF Microsoft Ollama AI / ML
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-32948 Maven MEDIUM PATCH This Month

sbt on Windows is vulnerable to command injection through unvalidated URI fragments in VCS dependency declarations. When resolving git, mercurial, or subversion repositories, sbt passes user-controlled branch, tag, or revision parameters directly to cmd.exe without sanitization, allowing attackers to inject arbitrary Windows commands via special characters like &, |, and ; that cmd /c interprets as command separators. An attacker who controls a dependency URI in a project's build.sbt file can execute arbitrary commands with the privileges of the user running sbt. A proof-of-concept exists demonstrating execution of calc.exe, and patches are available from the vendor for sbt versions 1.12.7 and later.

Microsoft Command Injection Windows Red Hat
NVD GitHub VulDB
CVSS 4.0
6.7
EPSS
0.0%
CVE-2026-33486 PHP MEDIUM PATCH This Month

This vulnerability in Roadiz's DownloadedFile::fromUrl() method allows authenticated users with ROLE_ACCESS_DOCUMENTS to read arbitrary files from the server via PHP stream wrapper abuse, specifically by injecting file:// URIs into media import workflows. An attacker can extract sensitive files including .env configuration files, database credentials, and system files, achieving complete confidentiality compromise of the application and potentially the underlying infrastructure. A proof-of-concept exists demonstrating exploitation through malicious Podcast RSS feeds, and a patch is available from the vendor.

PHP SSRF Microsoft Privilege Escalation
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-33430 PyPI HIGH PATCH GHSA This Week

BeeWare Briefcase Windows MSI installer templates (versions <0.3.26, <0.4.0, <0.4.1) create installation directories with insecure inherited permissions when installed per-machine. Low-privilege authenticated local users can replace application binaries, achieving privilege escalation when an administrator later executes the modified binary. Vendor-released patches available for 0.3.26, 0.4.0, and 0.4.1. EPSS score of 0.01% indicates minimal observed exploitation attempts; no KEV listing or public POC identified.

Information Disclosure Microsoft
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-32912 MEDIUM PATCH This Month

OpenClaw versions 2026.2.26 through 2026.3.0 contain a current working directory (CWD) injection vulnerability in the Windows wrapper resolution mechanism for .cmd and .bat files, allowing attackers with local access to manipulate CWD and achieve command execution with integrity compromise. An attacker with local privileges can alter the working directory to inject malicious wrapper scripts that execute instead of legitimate ones, bypassing command execution controls. The vulnerability requires local access and moderate complexity but enables high-integrity impact; no active KEV or widespread exploitation has been reported, but proof-of-concept details are documented in vendor security advisories.

Code Injection Microsoft Windows
NVD GitHub
CVSS 3.1
5.8
CVE-2026-32908 HIGH PATCH This Week

OpenClaw 2026.1.21 through 2026.2.18 contains a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism. Local authenticated users with low privileges can execute arbitrary commands when spawn failures trigger shell fallback with cmd.exe, exploiting workflow-controlled parameters. A patch is available from the vendor, and while no KEV or EPSS data indicates active exploitation at this time, the vulnerability has a CVSS score of 7.0 (High).

Command Injection Microsoft Windows
NVD GitHub
CVSS 3.1
7.0
CVE-2026-32907 HIGH PATCH This Week

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in the Windows scheduled task script generation component. Attackers with low-level local privileges and control over service script generation values can inject cmd metacharacters into the gateway.cmd arguments to execute arbitrary commands with high impact to confidentiality, integrity, and availability. There is no indication of active exploitation (not in CISA KEV), but a patch commit is publicly available which may facilitate proof-of-concept development.

Microsoft Command Injection Windows
NVD GitHub
CVSS 3.1
7.8
CVE-2026-22173 HIGH PATCH This Week

OpenClaw, an open-source game engine component, contains a command injection vulnerability in its Windows Scheduled Task script generation mechanism. Versions prior to 2026.2.18 write environment variables unquoted to gateway.cmd files, allowing attackers to inject shell metacharacters that break out of assignment context and execute arbitrary commands when the scheduled task runs. This vulnerability has a CVSS score of 7.4 (High) with local attack vector and high attack complexity, and a patch is currently available from the vendor.

Command Injection Microsoft Windows
NVD GitHub
CVSS 3.1
7.4
CVE-2026-0898 CRITICAL Act Now

An arbitrary file-write vulnerability exists in Pega Browser Extension (PBE) affecting Pega Robot Studio developers using versions 22.1 or R25 who automate Google Chrome and Microsoft Edge browsers. A threat actor can craft a malicious website that, when visited by a developer during interrogation mode in Robot Studio, executes arbitrary file-write operations on the developer's system. This vulnerability does not affect end-user Robot Runtime deployments, limiting its blast radius to development environments.

Google RCE Microsoft Pega Robot Studio Chrome
NVD VulDB
CVSS 4.0
9.0
EPSS
0.0%
CVE-2026-4606 CRITICAL Act Now

GV Edge Recording Manager (ERM) v2.3.1 improperly executes application components with SYSTEM-level privileges, allowing any local user to escalate privileges and gain full control of the operating system. The vulnerability stems from the Windows service running under the LocalSystem account and spawning child processes with elevated privileges, particularly when file dialogs are invoked during operations like data import. This is a local privilege escalation vulnerability with high real-world risk due to the ease of exploitation and the severity of the impact.

Privilege Escalation Microsoft
NVD VulDB
CVSS 4.0
10.0
EPSS
0.0%
CVE-2019-25598 MEDIUM POC This Month

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Microsoft Denial Of Service
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-33419 Go CRITICAL PATCH Act Now

MinIO AIStor's Security Token Service (STS) AssumeRoleWithLDAPIdentity endpoint contains two combined vulnerabilities that enable LDAP credential brute-forcing: distinguishable error messages allowing username enumeration (CWE-204) and missing rate limiting (CWE-307). All MinIO deployments through the final open-source release with LDAP authentication enabled are affected. Unauthenticated network attackers can enumerate valid LDAP usernames, perform unlimited password guessing attacks, and obtain temporary AWS-style STS credentials granting full access to victim users' S3 buckets and objects.

Microsoft Docker Information Disclosure Apple Nginx +1
NVD GitHub VulDB
CVSS 4.0
9.1
EPSS
0.1%
CVE-2026-33480 PHP HIGH This Week

AVideo, an open-source video platform, contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated attackers to bypass URL validation using IPv4-mapped IPv6 addresses (::ffff:x.x.x.x format). The vulnerable endpoint plugin/LiveLinks/proxy.php can be exploited to access cloud metadata services (AWS, GCP, Azure), internal networks, and localhost services without authentication. A detailed proof-of-concept is publicly available demonstrating credential theft from AWS instance metadata, making this a critical risk for cloud-hosted installations.

SSRF PHP Microsoft Redis
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-33476 Go HIGH POC PATCH This Week

An unauthenticated directory traversal vulnerability exists in Siyuan kernel's /appearance/ endpoint, allowing remote attackers to read arbitrary files accessible to the server process without authentication. The vulnerability affects the Go-based Siyuan note-taking application (github.com/siyuan-note/siyuan/kernel) and has been assigned a CVSS score of 7.5 (High). A working proof-of-concept exploit is publicly available demonstrating successful file retrieval via crafted URLs containing path traversal sequences, and a patch has been released by the vendor.

Information Disclosure Authentication Bypass Path Traversal Microsoft Docker +2
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2026-33473 Go MEDIUM PATCH This Month

A time-based one-time password (TOTP) reuse vulnerability exists in Vikunja's authentication implementation where a valid TOTP code can be used multiple times within its 30-second validity window, allowing an attacker who captures or obtains a valid code to authenticate as a targeted user. This affects all users who have enabled two-factor authentication (2FA) on Vikunja instances, and while the CVSS score of 5.7 reflects moderate severity, the vulnerability undermines a critical layer of the defense-in-depth authentication model. A proof-of-concept demonstrating the reuse attack has been publicly disclosed.

Microsoft Authentication Bypass Windows Suse
NVD GitHub VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-33156 HIGH This Week

ScreenToGif, a widely-used screen recording application, is vulnerable to DLL sideloading attacks through a malicious version.dll file. Versions from 2.42.1 and earlier are affected when the portable executable is run from user-writable directories, which is the primary intended use case for this application. Attackers can achieve arbitrary code execution in the user's context with high impact on confidentiality, integrity, and availability. No public patches are available at the time of disclosure, and no evidence of active exploitation (KEV status) has been reported.

RCE Microsoft Windows
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32310 MEDIUM This Month

Cryptomator versions 1.6.0 through 1.19.0 contain a path traversal vulnerability in vault configuration parsing where the masterkeyfile loader resolves an unverified keyId parameter as a filesystem path before integrity checks are performed. An attacker with the ability to supply a malicious vault configuration can exploit this to trigger arbitrary file existence checks, including UNC paths on Windows that can initiate outbound SMB connections before the user even enters a passphrase, potentially leading to information disclosure about local file structure and network exposure. The vulnerability has been patched in version 1.19.1, and while no active KEV exploitation has been reported, the low attack complexity and the ability to chain this with social engineering (malicious vault sharing) makes it a moderate practical risk.

Hashicorp Microsoft Path Traversal Windows
NVD GitHub VulDB
CVSS 3.1
4.1
EPSS
0.0%
CVE-2026-25792 MEDIUM This Month

Greenshot versions 1.3.312 and earlier contain an untrusted executable search path vulnerability (CWE-426) that allows local attackers with high privileges to achieve arbitrary code execution by hijacking the explorer.exe binary launch. When a user double-clicks the Greenshot tray icon to open the screenshot directory, the application launches explorer.exe using a relative path rather than an absolute path, enabling an attacker to plant a malicious executable in a prioritized search location. This vulnerability had no patch available at the time of publication and represents a real privilege escalation and code execution risk requiring immediate user action.

RCE Microsoft Windows
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4452 HIGH PATCH This Week

Heap corruption in Google Chrome's ANGLE graphics library on Windows versions prior to 146.0.7680.153 can be triggered through integer overflow when processing maliciously crafted HTML pages. An unauthenticated remote attacker can exploit this vulnerability by deceiving users into visiting a malicious website, potentially achieving arbitrary code execution. A patch is available across affected platforms including Google Chrome, Microsoft Edge, and various Linux distributions.

Google Microsoft Buffer Overflow Ubuntu Debian +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-33371 MEDIUM This Month

An XML External Entity (XXE) vulnerability exists in Zimbra Collaboration Server (ZCS) versions 10.0 and 10.1 within the Exchange Web Services (EWS) SOAP interface due to improper XML input handling. An authenticated attacker can submit crafted XML payloads to an XML parser with external entity resolution enabled, potentially disclosing sensitive local files from the server. No CVSS score, EPSS data, or known exploitation-in-the-wild status is currently available, though the vulnerability has been documented in Zimbra's security advisory system.

XXE Microsoft
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-32194 CRITICAL PATCH Act Now

A critical command injection vulnerability exists in Microsoft Bing Images that allows unauthenticated remote attackers to execute arbitrary commands on affected systems. The vulnerability stems from improper neutralization of special characters in user-supplied input, enabling attackers to inject and execute system commands without any user interaction or authentication. With a CVSS score of 9.8 and requiring no special privileges or user interaction, this represents a severe risk to any exposed Bing Images deployments.

Command Injection Microsoft
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-32191 CRITICAL PATCH Act Now

A critical OS command injection vulnerability exists in Microsoft Bing Images that allows remote attackers to execute arbitrary commands without authentication. The vulnerability enables complete system compromise with high impact to confidentiality, integrity, and availability. With a CVSS score of 9.8 and requiring no user interaction, this represents a severe risk to any systems running vulnerable versions of Bing Images.

Command Injection Microsoft
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-32169 CRITICAL PATCH Act Now

Azure Cloud Shell contains a server-side request forgery vulnerability that allows unauthenticated remote attackers to escalate privileges without user interaction. The vulnerability affects Microsoft products and has a critical CVSS score of 10.0, though no patch is currently available. Attackers can leverage network access to achieve privilege elevation across system boundaries.

SSRF Microsoft
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-26139 HIGH PATCH This Week

Microsoft Purview is vulnerable to server-side request forgery (SSRF) that enables unauthenticated remote attackers to escalate privileges across network boundaries. This network-accessible vulnerability requires no user interaction and impacts the confidentiality of affected systems. No patch is currently available.

SSRF Microsoft
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-26138 HIGH PATCH This Week

Microsoft Purview contains a server-side request forgery vulnerability that allows unauthenticated remote attackers to escalate privileges across network boundaries. An attacker can exploit this flaw without user interaction to gain unauthorized access to sensitive resources and functionality. No patch is currently available.

SSRF Microsoft
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-26137 CRITICAL PATCH Act Now

Microsoft 365 Copilot's Business Chat contains a server-side request forgery vulnerability that allows authenticated users to escalate privileges across network boundaries. An attacker with valid credentials can exploit this flaw to access or manipulate resources beyond their intended authorization level. No patch is currently available, making this a significant risk for organizations using the affected service.

SSRF Microsoft
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-26136 MEDIUM PATCH This Month

Microsoft Copilot is vulnerable to command injection through improper neutralization of special elements in user input, allowing an unauthenticated attacker to execute arbitrary commands and disclose sensitive information over the network. The vulnerability affects Microsoft Copilot (version details unspecified in available advisories) and requires user interaction to trigger. While no public proof-of-concept or active exploitation in the wild has been confirmed in the provided intelligence, the moderate CVSS score of 6.5 with high confidentiality impact warrants prompt patching.

Command Injection Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-26120 MEDIUM PATCH This Month

Microsoft Bing contains a server-side request forgery vulnerability that enables unauthenticated remote attackers to manipulate network communications and access sensitive information. An attacker can exploit this flaw without user interaction to retrieve confidential data or cause service disruption. No patch is currently available.

SSRF Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-23659 HIGH PATCH This Week

A sensitive information exposure vulnerability exists in Microsoft Azure Data Factory that allows unauthorized remote attackers to access and disclose confidential data over the network without authentication. The vulnerability has a high CVSS score of 8.6 due to its network-based attack vector requiring no privileges or user interaction, with scope change indicating potential impact beyond the vulnerable component. No active exploitation has been reported and no proof-of-concept is currently available.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-23658 HIGH PATCH This Week

This vulnerability involves insufficiently protected credentials in Azure DevOps that allows an unauthorized attacker to elevate privileges over a network. The vulnerability affects Azure DevOps versions up to and presents a high-risk authentication bypass issue that could allow attackers to gain unauthorized access with elevated privileges. With a CVSS score of 8.6 and no exploitation complexity barriers, this represents a critical security risk for organizations using affected Azure DevOps instances.

Microsoft Authentication Bypass
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-4395 LOW PATCH Monitor

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point.

Buffer Overflow Heap Overflow Microsoft
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.2%
CVE-2026-33322 Go CRITICAL PATCH Act Now

JWT algorithm confusion in MinIO's OpenID Connect authentication enables attackers with knowledge of the OIDC ClientSecret to forge identity tokens and obtain S3 credentials with unrestricted IAM policies, including administrative access. Affected users can have their identities impersonated and their data accessed, modified, or deleted with 100% attack success rate. The vulnerability impacts MinIO deployments across Docker, Apple, and Microsoft platforms, with no patch currently available.

Information Disclosure Docker Apple Microsoft Suse
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-33294 PHP MEDIUM This Month

The BulkEmbed plugin in AVideo fails to validate thumbnail URLs in its save endpoint, allowing authenticated attackers to conduct Server-Side Request Forgery (SSRF) attacks and retrieve responses from internal network resources. An attacker can supply malicious URLs via the bulk embed feature to force the server to make HTTP requests to internal systems and view the cached thumbnail responses. This vulnerability affects PHP-based AVideo installations and requires authentication to exploit.

PHP SSRF Google Microsoft
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-33237 PHP MEDIUM PATCH This Month

The AVideo Scheduler plugin fails to validate callback URLs against Server-Side Request Forgery (SSRF) protections, allowing authenticated administrators to configure scheduled tasks that make HTTP requests to internal networks, cloud metadata services, and private IP ranges. An attacker with admin access can retrieve AWS/GCP/Azure instance metadata credentials (including IAM role tokens) or probe internal APIs not exposed to the internet. A proof-of-concept exists demonstrating credential extraction from AWS metadata endpoints at 169.254.169.254.

SSRF PHP Privilege Escalation Microsoft
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32000 npm MEDIUM PATCH This Month

Command injection in OpenClaw versions before 2026.2.19 allows local attackers with limited privileges to execute arbitrary commands when the Lobster extension tool falls back to Windows shell execution after subprocess failures. The vulnerability exists because the tool uses shell: true after spawn errors, enabling attackers to inject shell metacharacters into command arguments. A patch is available for affected users.

Command Injection Microsoft Windows
NVD GitHub VulDB
CVSS 4.0
5.8
EPSS
0.1%
CVE-2026-31999 npm MEDIUM PATCH This Month

OpenClaw versions prior to 2026.3.1 contain a current working directory (cwd) injection vulnerability in Windows wrapper resolution for .cmd/.bat files that allows local attackers to manipulate command execution through directory control during shell fallback mechanisms. An authenticated local attacker with low privileges can exploit this vulnerability to achieve command execution integrity loss by controlling the working directory, potentially leading to unauthorized code execution or privilege escalation. While no active in-the-wild exploitation has been reported in KEV databases, the vulnerability is documented with a proof-of-concept available through the vendor's security advisory on GitHub.

Command Injection Microsoft Openclaw Windows
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-31995 npm MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.19 allow local attackers with limited privileges to execute arbitrary commands through the Lobster extension's Windows shell fallback mechanism by injecting malicious arguments into workflow processes. The vulnerability exploits cmd.exe command interpretation when spawn operations fail and trigger shell execution, enabling command injection with potential impact on system integrity and availability. A patch is available for affected versions.

Command Injection Microsoft Openclaw Windows
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-31994 npm HIGH PATCH This Week

OpenClaw contains a local command injection vulnerability in Windows scheduled task script generation that allows authenticated local attackers to inject arbitrary commands through unsafe handling of cmd metacharacters and CR/LF sequences in gateway.cmd files. OpenClaw versions prior to 2026.2.19 are affected. Attackers with control over service script generation arguments can execute unintended code in the scheduled task context with high impact to integrity and availability.

Command Injection Microsoft Openclaw Windows
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-22176 npm MEDIUM PATCH This Month

OpenClaw versions before 2026.2.19 allow local authenticated users to execute arbitrary commands by injecting shell metacharacters into environment variable values during Windows Scheduled Task script generation. The vulnerability stems from unquoted variable assignments in gateway.cmd that fail to sanitize special characters like &, |, ^, %, and !, enabling command injection when the task script runs. A patch is available to address this local privilege escalation risk.

Command Injection Microsoft Openclaw Windows
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-25667 HIGH This Week

A security vulnerability in Microsoft .NET 8.0 (CVSS 7.5) that allows a remote attacker. High severity vulnerability requiring prompt remediation.

Microsoft Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-33226 npm HIGH This Week

Budibase, a low-code platform distributed as a Docker/Kubernetes application, contains a Server-Side Request Forgery (SSRF) vulnerability in its REST datasource query preview endpoint. Authenticated admin users can force the server to make HTTP requests to arbitrary URLs including cloud metadata services, internal networks, and Kubernetes APIs. A detailed proof-of-concept exists demonstrating theft of GCP OAuth2 tokens with cloud-platform scope, CouchDB credential extraction, and internal service enumeration. The CVSS score of 8.7 reflects high confidentiality and integrity impact with changed scope, requiring high privileges but low attack complexity.

Microsoft Redis Google SSRF Docker +1
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-33054 PyPI CRITICAL PATCH Act Now

A path traversal vulnerability in A Path Traversal vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.

Microsoft Path Traversal Denial Of Service Python Windows
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

### Impact TorchGeo 0.4-0.6.0 used an [`eval`](https://docs.python.org/3/library/functions.html#eval) statement in its model weight API that could allow an unauthenticated, remote attacker to execute. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft +1
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

FastMCP OAuthProxy allows authentication bypass through a Confused Deputy attack, enabling attackers to hijack victim OAuth sessions and gain unauthorized access to MCP servers. When victims who previously authorized a legitimate MCP client are tricked into opening a malicious authorization URL, the OAuthProxy fails to validate browser-bound consent, redirecting valid authorization codes to attacker-controlled clients. This affects the GitHubProvider integration and potentially all OAuth providers that skip consent prompts for previously authorized applications. No public exploit identified at time of analysis, though detailed reproduction steps are publicly documented in the GitHub security advisory.

Authentication Bypass Microsoft
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Command injection in fastmcp install allows Windows users to execute arbitrary commands via shell metacharacters in server names. When installing a server with a name containing characters like `&` (e.g., `fastmcp install claude-code` with server name `test&calc`), the metacharacter is interpreted by cmd.exe during execution of .cmd wrapper scripts, leading to arbitrary command execution with user privileges. This affects Windows systems running claude or gemini CLI installations; macOS and Linux are unaffected. A patch is available via GitHub PR #3522.

Python Command Injection Apple +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

XML Notepad versions prior to 2.9.0.21 allow remote attackers to leak local file contents or capture NTLM credentials via crafted XML files with malicious DTDs, exploiting disabled-by-default DTD processing that automatically resolves external entities. The vulnerability requires user interaction (opening a malicious XML file) but poses significant confidentiality risk on Windows systems where NTLM credential interception is feasible. Microsoft released patched version 2.9.0.21 to address this XXE (XML External Entity) issue.

Microsoft XXE
NVD GitHub
EPSS 0% CVSS 8.6
HIGH This Week

Privilege escalation in OpenText Operations Agent versions 12.29 and earlier on Windows allows local attackers to execute arbitrary code by placing malicious executables in specific writeable directories, which the agent subsequently executes with elevated privileges. The vulnerability requires local access and specific conditions to be present but does not require prior authentication to the agent itself. No public exploit code has been identified, and there is no confirmation of active exploitation at time of analysis.

Microsoft Privilege Escalation
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

PAGI::Middleware::Session::Store::Cookie through version 0.001003 generates cryptographically weak initialization vectors (IVs) for session cookie encryption by falling back to Perl's built-in rand() function when /dev/urandom is unavailable, particularly affecting Windows systems. This predictable IV generation enables attackers to decrypt and tamper with session data stored in cookies, compromising session confidentiality and integrity. No active exploitation has been confirmed, but the vulnerability affects all deployments on systems lacking /dev/urandom access.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

DLL search-order hijacking in Anthropic Claude for Windows installer (Claude Setup.exe) versions before 1.1.3363 enables local privilege escalation to system context. An attacker with low privileges and physical or local access can plant a malicious DLL (such as profapi.dll) in the installer directory; when an elevated user runs the installer, the uncontrolled search path causes the malicious DLL to be loaded and executed with system privileges, achieving arbitrary code execution. No public exploit code or active exploitation has been confirmed at the time of analysis.

Privilege Escalation RCE Microsoft
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Zscaler Client Connector on Windows contains an incorrect startup configuration that permits limited traffic to bypass inspection under rare circumstances, resulting in potential information disclosure and integrity compromise. The vulnerability affects all versions of the product and requires user interaction to exploit, with a CVSS score of 5.4 reflecting the combination of network-based attack vector, low complexity, and low impact on confidentiality and integrity. No evidence of active exploitation or public exploit code has been identified.

Information Disclosure Microsoft
NVD
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Authorization bypass in OpenClaw's Microsoft Teams plugin allows unauthenticated remote attackers to circumvent sender allowlists and trigger replies in restricted Teams routes. Affecting OpenClaw versions before 2026.3.8, the flaw manifests when team/channel route allowlists contain empty groupAllowFrom parameters, causing the message handler to synthesize wildcard sender authorization instead of enforcing intended restrictions. No public exploit identified at time of analysis, though CVSS 7.5 reflects network-accessible exploitation with low complexity requiring no authentication. Vendor-released patch available in version 2026.3.8 with upstream commit 88aee916.

Authentication Bypass Microsoft
NVD GitHub
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Authorization bypass in OpenClaw Microsoft Teams plugin (versions before 2026.3.8) permits unauthenticated attackers to circumvent sender allowlists when team/channel routes are configured with empty groupAllowFrom parameters. Remote attackers can exploit this network-accessible flaw with low complexity to trigger unauthorized message replies and access sensitive information in allowlisted Teams routes. EPSS and KEV data not available for this recent CVE; no public exploit identified at time of analysis.

Microsoft Authentication Bypass
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation via hardcoded build path in vcpkg's OpenSSL binaries affects Windows users of the C/C++ package manager prior to version 3.6.1#3. The vulnerability allows authenticated local attackers with low privileges to achieve high confidentiality, integrity, and availability impact (CVSS 7.8) by exploiting the hardcoded openssldir path that references the original build machine. Upstream fix available (PR #50518, commit 5111afd); patched version 3.6.1#3 released. No public exploit identified at time of analysis, with EPSS data not available for this recent CVE.

OpenSSL Microsoft Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

InfCode's terminal auto-execution module fails to properly validate PowerShell commands due to an ineffective blacklist and lack of semantic parsing, allowing attackers to bypass command filtering through syntax obfuscation. When a user imports a specially crafted file into the IDE, the Agent executes arbitrary PowerShell commands without user confirmation, leading to remote code execution or sensitive data exfiltration. No public exploit code or active exploitation has been confirmed at time of analysis.

Command Injection Information Disclosure Microsoft
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Elevation of privilege in Symantec Data Loss Prevention Windows Endpoint allows authenticated local users to gain SYSTEM-level access and compromise protected resources. Affects all versions prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15. CVSS 7.8 (High) reflects the local attack vector but complete system compromise upon successful exploitation. No public exploit identified at time of analysis, though the CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) classification suggests potential DLL hijacking or similar trust boundary violations.

Information Disclosure Microsoft
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Server-side request forgery (SSRF) in FHIR Validator HTTP service allows unauthenticated remote attackers to probe internal network services and cloud metadata endpoints via the /loadIG endpoint, which accepts arbitrary URLs without hostname or domain validation. The vulnerability defaults to allowing all outbound requests, and redirect following bypasses even configured domain restrictions. With the explore=true default setting, each request amplifies reconnaissance capability through multiple outbound HTTP calls, enabling blind network topology mapping and metadata service access.

SSRF Java Microsoft
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Server-side request forgery in Docker Model Runner allows unprivileged containers or malicious OCI registries to make arbitrary GET requests to internal services by exploiting unvalidated realm URLs in the OCI registry token exchange flow. Affected versions prior to 1.1.25 (Docker Desktop prior to 4.67.0) permit attackers to access host-local services and reflect response bodies back to the caller, potentially exfiltrating sensitive data from internal endpoints. No public exploit code or active exploitation has been reported at time of analysis.

Docker SSRF Microsoft +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Path traversal in TinaCMS GraphQL (@tinacms/graphql) enables unauthenticated remote attackers to write and overwrite arbitrary files within the project root, including critical configuration files like package.json and build scripts. The vulnerability stems from platform-specific path validation failures that treat backslash characters differently on Unix-based systems, allowing traversal sequences like 'x\..\..\..\package.json' to bypass security checks. With a CVSS score of 8.1 and publicly available exploit code demonstrating the attack, this represents a critical security risk for TinaCMS deployments, particularly those exposed to untrusted networks. No CISA KEV listing exists, but the proof-of-concept demonstrates clear exploitation paths to arbitrary code execution via build script modification.

Path Traversal RCE Microsoft
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Authentication bypass in MinIO allows any authenticated user with s3:PutObject permission to permanently corrupt objects by injecting fake server-side encryption metadata via crafted X-Minio-Replication-* headers. Attackers can selectively render individual objects or entire buckets permanently unreadable through the S3 API without requiring elevated ReplicateObjectAction permissions. Affects all MinIO releases from RELEASE.2024-03-30T09-41-56Z through the final open-source release. Vendor-released patch available in MinIO AIStor RELEASE.2026-03-26T21-24-40Z. No public exploit identified at time of analysis, though the attack mechanism is well-documented in the advisory.

Docker Microsoft Apple +2
NVD GitHub
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) contains a defense-in-depth vulnerability affecting all versions that allows remote attackers to disclose sensitive information and modify data through a network-based attack requiring user interaction. The vulnerability carries a CVSS score of 4.2 (low severity) with high attack complexity, indicating limited real-world exploitability despite dual confidentiality and integrity impacts. A vendor-released patch is available from Microsoft.

Microsoft Google XSS
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A path traversal vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Python Path Traversal Docker +2
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Fleet device management software versions prior to 4.81.1 allow malicious enrolled Windows devices to access Mobile Device Management (MDM) commands intended for other devices, potentially disclosing sensitive configuration data including WiFi credentials, VPN secrets, and certificate payloads across the entire Windows fleet. The vulnerability stems from improper authorization controls in Windows MDM command processing, affecting any organization using Fleet for Windows device management. Vendor-released patch: version 4.81.1.

Microsoft Information Disclosure
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

KQL injection in adx-mcp-server Python package allows authenticated attackers to execute arbitrary Kusto queries against Azure Data Explorer clusters. Three MCP tool handlers (get_table_schema, sample_table_data, get_table_details) unsafely interpolate the table_name parameter into query strings via f-strings, enabling data exfiltration from arbitrary tables, execution of management commands, and potential table drops. Vendor-released patch available (commit 0abe0ee). No public exploit identified at time of analysis, though proof-of-concept code exists in the security advisory demonstrating injection via comment-based bypass and newline-separated commands. Affects adx-mcp-server ≤ commit 48b2933.

Microsoft RCE Nosql Injection +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Fleet device management software versions prior to 4.81.1 are vulnerable to command injection in the software installer pipeline, enabling remote attackers with high privileges to achieve arbitrary code execution as root on macOS/Linux or SYSTEM on Windows when triggering uninstall operations on crafted software packages. The vulnerability requires high privileges and user interaction but delivers complete system compromise on affected managed hosts. No public exploit code or active exploitation has been identified at time of analysis.

RCE Command Injection Apple +1
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

PyLoad download manager (version 0.5.0 and potentially earlier, distributed via pip as pyload-ng) allows authenticated users to perform Server-Side Request Forgery attacks by submitting arbitrary URLs through the /api/addPackage endpoint without validation. Attackers with valid credentials can exfiltrate cloud provider metadata from AWS EC2, DigitalOcean, Google Cloud, and Azure instances, exposing IAM credentials, SSH keys, API tokens, and internal network topology. A proof-of-concept demonstration is documented with live instance credentials, and upstream fix available (PR/commit); released patched version not independently confirmed based on GitHub commit reference b76b6d4ee5e32d2118d26afdee1d0a9e57d4bfe8.

SSRF Microsoft Python +1
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authenticated SQL injection in Group-Office's JMAP Contact/query endpoint allows any user with basic addressbook permissions to extract database contents, including active session tokens, enabling full account takeover of any user including System Administrators. Affects Group-Office versions before 6.8.158, 25.0.92, and 26.0.17. EPSS exploitation probability is low (0.03%, 9th percentile) with no public exploit or active exploitation confirmed. Despite 8.8 CVSS score, real-world risk depends heavily on whether attackers can obtain valid low-privilege credentials first.

SQLi Microsoft
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

OpenText Identity Manager versions up to 25.2 (v4.10.1) suffer from insecure cache handling that permits remote authenticated users to retrieve another user's session data, resulting in unauthorized information disclosure. An attacker with valid credentials can exploit this cache misconfiguration on both Windows and Linux deployments to access sensitive session information belonging to other authenticated users, compromising confidentiality of user sessions and potentially enabling lateral movement or privilege escalation attacks.

Information Disclosure Microsoft
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Stored cross-site scripting in Thales Sentinel LDK Runtime on Windows allows attackers with local access to inject malicious scripts that execute with high integrity impact. All versions before 10.22 are affected. The CVSS 4.0 base score of 7.0 reflects local attack vector with no privileges required and no user interaction. Proof-of-concept exploit code exists (CVSS:4.0 E:P). CISA KEV does not list this vulnerability as actively exploited at time of analysis.

XSS Microsoft
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Dovecot OTP authentication enables replay attacks when authentication cache is enabled and username alteration occurs in passdb, allowing attackers who observe an OTP exchange to authenticate as the targeted user. Open-XChange Dovecot Pro is affected (CPE: cpe:2.3:a:open-xchange_gmbh:ox_dovecot_pro:*:*:*:*:*:*:*:*). No public exploit identified at time of analysis, though the vulnerability requires relatively specific preconditions (enabled cache, username modification in passdb) to be exploitable. The CVSS 6.8 score reflects high confidentiality and integrity impact but requires high attack complexity and user interaction.

Microsoft Information Disclosure
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

CodeRider-Kilo's command auto-approval module fails to correctly parse Windows CMD escape sequences (^), allowing attackers to bypass its Git command whitelist and achieve arbitrary remote code execution. The vulnerability exploits a mismatch between the Unix-based shell-quote parser used for validation and the actual Windows CMD interpreter behavior, enabling attackers to inject malicious commands through crafted payloads such as git log ^" & malicious_command ^". No public exploit code or active exploitation has been confirmed at the time of analysis.

RCE Microsoft Command Injection
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

A command injection vulnerability in command auto-approval module in Axon Code (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

RCE Command Injection Microsoft
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Certificate chain spoofing in node-forge (npm) <= 1.3.3 lets an attacker present any non-CA leaf certificate as a trusted intermediate CA, because pki.verifyCertificateChain() skips RFC 5280 basicConstraints enforcement when a certificate carries neither the basicConstraints nor the keyUsage extension. An attacker holding such a leaf certificate can sign certificates for arbitrary identities and have node-forge accept the forged chain, defeating authentication for any application relying on it for custom PKI, S/MIME, PKCS#7, or device-certificate validation. Rated CVSS 9.1 by the reporter and fixed in 1.4.0; publicly available exploit code exists (full PoC in the GHSA), but EPSS is only 0.02% and it is not on CISA KEV.

Microsoft Buffer Overflow OpenSSL
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The node-forge cryptographic library for Node.js suffers from a complete Denial of Service condition when the BigInteger.modInverse() function receives zero as input, causing an infinite loop that consumes 100% CPU and blocks the event loop indefinitely. All versions of node-forge (npm package) are affected, impacting applications that process untrusted cryptographic parameters through DSA/ECDSA signature verification or custom modular arithmetic operations. CVSS 7.5 (High severity) reflects network-reachable, unauthenticated exploitation with no user interaction required. A working proof-of-concept exists demonstrating the vulnerability triggers within 5 seconds. Vendor patch is available via GitHub commit 9bb8d67b99d17e4ebb5fd7596cd699e11f25d023.

Node.js Microsoft Apple +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

PHP applications using the affected functions fail to re-validate redirect targets during HTTP requests, allowing attackers to bypass SSRF protections by chaining a legitimate public URL with a redirect to internal resources. An attacker can exploit this weakness in endpoints that fetch remote content after initial URL validation, potentially gaining access to private IP ranges and internal services. A patch is available.

SSRF PHP Microsoft
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cilium Network Policy enforcement is bypassed for traffic from pods to L7 Services with local backends on the same node when Per-Endpoint Routing is enabled and BPF Host Routing is disabled, allowing authenticated local attackers to circumvent ingress network policies and access restricted services. This affects Cilium v1.19.0-v1.19.1, v1.18.0-v1.18.7, and all versions prior to v1.17.13, with the most common vulnerable deployment being Amazon EKS with Cilium ENI mode. Vendor-released patches are available (v1.19.2, v1.18.8, v1.17.14), and no public exploit code has been identified at the time of analysis.

Microsoft Kubernetes Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Microsoft +1
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH This Week

RATOC RAID Monitoring Manager for Windows contains an insecure directory permissions vulnerability when the installation folder is customized to a non-default location. The installer fails to properly set access control lists (ACLs) on custom installation directories, allowing non-administrative users to modify folder contents and execute arbitrary code with SYSTEM privileges. With a CVSS 4.0 score of 8.5, this represents a high-severity local privilege escalation vulnerability affecting Windows systems where this RAID management software is installed.

Microsoft RCE Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

RATOC RAID Monitoring Manager for Windows contains a DLL hijacking vulnerability in its installer that loads DLLs from the current directory without proper path validation. If an attacker can place a malicious DLL in the directory where a user runs the installer, arbitrary code can be executed with administrator privileges. The vulnerability has a CVSS score of 8.4 with local attack vector requiring user interaction, and has been publicly disclosed through JPCERT coordination with vendor advisory available.

Microsoft RCE
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Streamlit Open Source versions prior to 1.54.0 running on Windows contain an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the ComponentRequestHandler that improperly validates filesystem paths, allowing attackers to coerce the Streamlit server into initiating outbound SMB connections to attacker-controlled hosts. This can result in the exposure of NTLMv2 credential hashes for the Windows user running the Streamlit process, which may be subjected to offline brute-force attacks or relayed to other internal services. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog, but a patch is available from the vendor (version 1.54.0), and the attack requires network adjacency (AV:A) and is not trivial to exploit (AC:H).

SSRF Microsoft
NVD GitHub
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Sonarr, a PVR application for Usenet and BitTorrent users, contains an unauthenticated path traversal vulnerability on Windows systems that allows remote attackers to read arbitrary files accessible to the Sonarr process. Affected versions include all 4.x branch releases prior to 4.0.17.2950 (nightly/develop) or 4.0.17.2952 (stable/main). With a CVSS score of 8.6 and network-based unauthenticated access (AV:N/PR:N), this represents a significant confidentiality risk allowing attackers to extract API keys, database credentials, and sensitive system files from Windows installations.

Apple Microsoft Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A SSRF vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

SSRF Microsoft Apple
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

PrestaShop contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the back-office (BO) administration panel. An attacker with limited back-office access or who has exploited a separate vulnerability to inject data into the database can exploit unprotected template variables to execute arbitrary JavaScript in administrators' browsers. The CVSS score of 7.7 reflects high attack complexity and the requirement for high privileges, though no evidence of active exploitation (KEV) or public proof-of-concept is currently available.

XSS Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH This Week

A denial of service vulnerability in the Internet Key Exchange (CVSS 8.6). High severity vulnerability requiring prompt remediation.

Cisco Denial Of Service Microsoft +1
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

A privilege escalation vulnerability exists in Panorama Suite where certificate private keys installed via the Network and Security tool are granted unnecessary access rights to the operator group, potentially allowing local privileged users to access sensitive cryptographic material. Panorama Suite 2025 versions up to 25.00.004 are affected unless patch PS-2500-00-0357 or higher is applied, while version 25.10.007 (Updated Dec. 25) is not vulnerable. This vulnerability has not been reported as actively exploited (no KEV status), but represents a real information disclosure risk due to improper Windows file permission assignment on security-critical objects.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's NFC (Near Field Communication) NCI subsystem where pending data exchange operations are not properly completed when a device is closed, causing socket references to be held indefinitely. This affects all Linux kernel versions with the vulnerable NFC NCI code path. An attacker with local access to NFC functionality could trigger repeated device close operations to exhaust memory resources, leading to denial of service. While no CVSS score or EPSS data is currently available, the issue is being actively addressed through kernel patches as evidenced by multiple commit references.

Linux Information Disclosure Microsoft +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

A DLL hijacking vulnerability exists in the installer for OM Workspace (Windows Edition) Ver 2.4 and earlier, allowing local attackers to execute arbitrary code with the privileges of the user running the installer. The vulnerability is reported by JPCERT and affects software from OM Digital Solutions Corporation. With a CVSS score of 7.8 (High), the vulnerability requires local access and user interaction but no special privileges, making it a moderate real-world risk for targeted attacks during software installation.

RCE Microsoft Windows
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

A remote code execution vulnerability (CVSS 8.4). High severity vulnerability requiring prompt remediation.

RCE Microsoft Windows
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Model Optimizer for Windows and Linux contains an unsafe deserialization vulnerability in its ONNX quantization feature that allows attackers to execute arbitrary code by providing a malicious input file. Users who process untrusted ONNX model files are at risk of complete system compromise, including code execution, privilege escalation, data tampering, and information disclosure. There is no current evidence of active exploitation (not in CISA KEV) or public proof-of-concept availability.

Information Disclosure RCE Deserialization +3
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A command injection vulnerability (CVSS 6.7). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Google RCE Command Injection +5
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Wallos, an open-source self-hostable subscription tracker, contains a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.7.0 that allows authenticated users to access internal network services, cloud metadata endpoints, and localhost-bound services. The vulnerability exists in three unprotected attack surfaces: the AI Ollama host parameter, the AI recommendations endpoint, and the notification cron job-areas that were missed when SSRF protections were partially implemented in an earlier patch (CVE-2026-30840). An attacker with valid credentials can leverage these endpoints to reach sensitive internal resources including AWS IMDSv1, GCP, and Azure metadata services.

SSRF Microsoft Ollama +1
NVD GitHub VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

sbt on Windows is vulnerable to command injection through unvalidated URI fragments in VCS dependency declarations. When resolving git, mercurial, or subversion repositories, sbt passes user-controlled branch, tag, or revision parameters directly to cmd.exe without sanitization, allowing attackers to inject arbitrary Windows commands via special characters like &, |, and ; that cmd /c interprets as command separators. An attacker who controls a dependency URI in a project's build.sbt file can execute arbitrary commands with the privileges of the user running sbt. A proof-of-concept exists demonstrating execution of calc.exe, and patches are available from the vendor for sbt versions 1.12.7 and later.

Microsoft Command Injection Windows +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

This vulnerability in Roadiz's DownloadedFile::fromUrl() method allows authenticated users with ROLE_ACCESS_DOCUMENTS to read arbitrary files from the server via PHP stream wrapper abuse, specifically by injecting file:// URIs into media import workflows. An attacker can extract sensitive files including .env configuration files, database credentials, and system files, achieving complete confidentiality compromise of the application and potentially the underlying infrastructure. A proof-of-concept exists demonstrating exploitation through malicious Podcast RSS feeds, and a patch is available from the vendor.

PHP SSRF Microsoft +1
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

BeeWare Briefcase Windows MSI installer templates (versions <0.3.26, <0.4.0, <0.4.1) create installation directories with insecure inherited permissions when installed per-machine. Low-privilege authenticated local users can replace application binaries, achieving privilege escalation when an administrator later executes the modified binary. Vendor-released patches available for 0.3.26, 0.4.0, and 0.4.1. EPSS score of 0.01% indicates minimal observed exploitation attempts; no KEV listing or public POC identified.

Information Disclosure Microsoft
NVD GitHub
CVSS 5.8
MEDIUM PATCH This Month

OpenClaw versions 2026.2.26 through 2026.3.0 contain a current working directory (CWD) injection vulnerability in the Windows wrapper resolution mechanism for .cmd and .bat files, allowing attackers with local access to manipulate CWD and achieve command execution with integrity compromise. An attacker with local privileges can alter the working directory to inject malicious wrapper scripts that execute instead of legitimate ones, bypassing command execution controls. The vulnerability requires local access and moderate complexity but enables high-integrity impact; no active KEV or widespread exploitation has been reported, but proof-of-concept details are documented in vendor security advisories.

Code Injection Microsoft Windows
NVD GitHub
CVSS 7.0
HIGH PATCH This Week

OpenClaw 2026.1.21 through 2026.2.18 contains a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism. Local authenticated users with low privileges can execute arbitrary commands when spawn failures trigger shell fallback with cmd.exe, exploiting workflow-controlled parameters. A patch is available from the vendor, and while no KEV or EPSS data indicates active exploitation at this time, the vulnerability has a CVSS score of 7.0 (High).

Command Injection Microsoft Windows
NVD GitHub
CVSS 7.8
HIGH PATCH This Week

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in the Windows scheduled task script generation component. Attackers with low-level local privileges and control over service script generation values can inject cmd metacharacters into the gateway.cmd arguments to execute arbitrary commands with high impact to confidentiality, integrity, and availability. There is no indication of active exploitation (not in CISA KEV), but a patch commit is publicly available which may facilitate proof-of-concept development.

Microsoft Command Injection Windows
NVD GitHub
CVSS 7.4
HIGH PATCH This Week

OpenClaw, an open-source game engine component, contains a command injection vulnerability in its Windows Scheduled Task script generation mechanism. Versions prior to 2026.2.18 write environment variables unquoted to gateway.cmd files, allowing attackers to inject shell metacharacters that break out of assignment context and execute arbitrary commands when the scheduled task runs. This vulnerability has a CVSS score of 7.4 (High) with local attack vector and high attack complexity, and a patch is currently available from the vendor.

Command Injection Microsoft Windows
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL Act Now

An arbitrary file-write vulnerability exists in Pega Browser Extension (PBE) affecting Pega Robot Studio developers using versions 22.1 or R25 who automate Google Chrome and Microsoft Edge browsers. A threat actor can craft a malicious website that, when visited by a developer during interrogation mode in Robot Studio, executes arbitrary file-write operations on the developer's system. This vulnerability does not affect end-user Robot Runtime deployments, limiting its blast radius to development environments.

Google RCE Microsoft +2
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

GV Edge Recording Manager (ERM) v2.3.1 improperly executes application components with SYSTEM-level privileges, allowing any local user to escalate privileges and gain full control of the operating system. The vulnerability stems from the Windows service running under the LocalSystem account and spawning child processes with elevated privileges, particularly when file dialogs are invoked during operations like data import. This is a local privilege escalation vulnerability with high real-world risk due to the ease of exploitation and the severity of the impact.

Privilege Escalation Microsoft
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Microsoft +1
NVD Exploit-DB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

MinIO AIStor's Security Token Service (STS) AssumeRoleWithLDAPIdentity endpoint contains two combined vulnerabilities that enable LDAP credential brute-forcing: distinguishable error messages allowing username enumeration (CWE-204) and missing rate limiting (CWE-307). All MinIO deployments through the final open-source release with LDAP authentication enabled are affected. Unauthenticated network attackers can enumerate valid LDAP usernames, perform unlimited password guessing attacks, and obtain temporary AWS-style STS credentials granting full access to victim users' S3 buckets and objects.

Microsoft Docker Information Disclosure +3
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH This Week

AVideo, an open-source video platform, contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated attackers to bypass URL validation using IPv4-mapped IPv6 addresses (::ffff:x.x.x.x format). The vulnerable endpoint plugin/LiveLinks/proxy.php can be exploited to access cloud metadata services (AWS, GCP, Azure), internal networks, and localhost services without authentication. A detailed proof-of-concept is publicly available demonstrating credential theft from AWS instance metadata, making this a critical risk for cloud-hosted installations.

SSRF PHP Microsoft +1
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An unauthenticated directory traversal vulnerability exists in Siyuan kernel's /appearance/ endpoint, allowing remote attackers to read arbitrary files accessible to the server process without authentication. The vulnerability affects the Go-based Siyuan note-taking application (github.com/siyuan-note/siyuan/kernel) and has been assigned a CVSS score of 7.5 (High). A working proof-of-concept exploit is publicly available demonstrating successful file retrieval via crafted URLs containing path traversal sequences, and a patch has been released by the vendor.

Information Disclosure Authentication Bypass Path Traversal +4
NVD GitHub VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

A time-based one-time password (TOTP) reuse vulnerability exists in Vikunja's authentication implementation where a valid TOTP code can be used multiple times within its 30-second validity window, allowing an attacker who captures or obtains a valid code to authenticate as a targeted user. This affects all users who have enabled two-factor authentication (2FA) on Vikunja instances, and while the CVSS score of 5.7 reflects moderate severity, the vulnerability undermines a critical layer of the defense-in-depth authentication model. A proof-of-concept demonstrating the reuse attack has been publicly disclosed.

Microsoft Authentication Bypass Windows +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

ScreenToGif, a widely-used screen recording application, is vulnerable to DLL sideloading attacks through a malicious version.dll file. Versions from 2.42.1 and earlier are affected when the portable executable is run from user-writable directories, which is the primary intended use case for this application. Attackers can achieve arbitrary code execution in the user's context with high impact on confidentiality, integrity, and availability. No public patches are available at the time of disclosure, and no evidence of active exploitation (KEV status) has been reported.

RCE Microsoft Windows
NVD GitHub VulDB
EPSS 0% CVSS 4.1
MEDIUM This Month

Cryptomator versions 1.6.0 through 1.19.0 contain a path traversal vulnerability in vault configuration parsing where the masterkeyfile loader resolves an unverified keyId parameter as a filesystem path before integrity checks are performed. An attacker with the ability to supply a malicious vault configuration can exploit this to trigger arbitrary file existence checks, including UNC paths on Windows that can initiate outbound SMB connections before the user even enters a passphrase, potentially leading to information disclosure about local file structure and network exposure. The vulnerability has been patched in version 1.19.1, and while no active KEV exploitation has been reported, the low attack complexity and the ability to chain this with social engineering (malicious vault sharing) makes it a moderate practical risk.

Hashicorp Microsoft Path Traversal +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Greenshot versions 1.3.312 and earlier contain an untrusted executable search path vulnerability (CWE-426) that allows local attackers with high privileges to achieve arbitrary code execution by hijacking the explorer.exe binary launch. When a user double-clicks the Greenshot tray icon to open the screenshot directory, the application launches explorer.exe using a relative path rather than an absolute path, enabling an attacker to plant a malicious executable in a prioritized search location. This vulnerability had no patch available at the time of publication and represents a real privilege escalation and code execution risk requiring immediate user action.

RCE Microsoft Windows
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's ANGLE graphics library on Windows versions prior to 146.0.7680.153 can be triggered through integer overflow when processing maliciously crafted HTML pages. An unauthenticated remote attacker can exploit this vulnerability by deceiving users into visiting a malicious website, potentially achieving arbitrary code execution. A patch is available across affected platforms including Google Chrome, Microsoft Edge, and various Linux distributions.

Google Microsoft Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

An XML External Entity (XXE) vulnerability exists in Zimbra Collaboration Server (ZCS) versions 10.0 and 10.1 within the Exchange Web Services (EWS) SOAP interface due to improper XML input handling. An authenticated attacker can submit crafted XML payloads to an XML parser with external entity resolution enabled, potentially disclosing sensitive local files from the server. No CVSS score, EPSS data, or known exploitation-in-the-wild status is currently available, though the vulnerability has been documented in Zimbra's security advisory system.

XXE Microsoft
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A critical command injection vulnerability exists in Microsoft Bing Images that allows unauthenticated remote attackers to execute arbitrary commands on affected systems. The vulnerability stems from improper neutralization of special characters in user-supplied input, enabling attackers to inject and execute system commands without any user interaction or authentication. With a CVSS score of 9.8 and requiring no special privileges or user interaction, this represents a severe risk to any exposed Bing Images deployments.

Command Injection Microsoft
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A critical OS command injection vulnerability exists in Microsoft Bing Images that allows remote attackers to execute arbitrary commands without authentication. The vulnerability enables complete system compromise with high impact to confidentiality, integrity, and availability. With a CVSS score of 9.8 and requiring no user interaction, this represents a severe risk to any systems running vulnerable versions of Bing Images.

Command Injection Microsoft
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Azure Cloud Shell contains a server-side request forgery vulnerability that allows unauthenticated remote attackers to escalate privileges without user interaction. The vulnerability affects Microsoft products and has a critical CVSS score of 10.0, though no patch is currently available. Attackers can leverage network access to achieve privilege elevation across system boundaries.

SSRF Microsoft
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Microsoft Purview is vulnerable to server-side request forgery (SSRF) that enables unauthenticated remote attackers to escalate privileges across network boundaries. This network-accessible vulnerability requires no user interaction and impacts the confidentiality of affected systems. No patch is currently available.

SSRF Microsoft
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Microsoft Purview contains a server-side request forgery vulnerability that allows unauthenticated remote attackers to escalate privileges across network boundaries. An attacker can exploit this flaw without user interaction to gain unauthorized access to sensitive resources and functionality. No patch is currently available.

SSRF Microsoft
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Microsoft 365 Copilot's Business Chat contains a server-side request forgery vulnerability that allows authenticated users to escalate privileges across network boundaries. An attacker with valid credentials can exploit this flaw to access or manipulate resources beyond their intended authorization level. No patch is currently available, making this a significant risk for organizations using the affected service.

SSRF Microsoft
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Microsoft Copilot is vulnerable to command injection through improper neutralization of special elements in user input, allowing an unauthenticated attacker to execute arbitrary commands and disclose sensitive information over the network. The vulnerability affects Microsoft Copilot (version details unspecified in available advisories) and requires user interaction to trigger. While no public proof-of-concept or active exploitation in the wild has been confirmed in the provided intelligence, the moderate CVSS score of 6.5 with high confidentiality impact warrants prompt patching.

Command Injection Microsoft
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Microsoft Bing contains a server-side request forgery vulnerability that enables unauthenticated remote attackers to manipulate network communications and access sensitive information. An attacker can exploit this flaw without user interaction to retrieve confidential data or cause service disruption. No patch is currently available.

SSRF Microsoft
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

A sensitive information exposure vulnerability exists in Microsoft Azure Data Factory that allows unauthorized remote attackers to access and disclose confidential data over the network without authentication. The vulnerability has a high CVSS score of 8.6 due to its network-based attack vector requiring no privileges or user interaction, with scope change indicating potential impact beyond the vulnerable component. No active exploitation has been reported and no proof-of-concept is currently available.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

This vulnerability involves insufficiently protected credentials in Azure DevOps that allows an unauthorized attacker to elevate privileges over a network. The vulnerability affects Azure DevOps versions up to and presents a high-risk authentication bypass issue that could allow attackers to gain unauthorized access with elevated privileges. With a CVSS score of 8.6 and no exploitation complexity barriers, this represents a critical security risk for organizations using affected Azure DevOps instances.

Microsoft Authentication Bypass
NVD VulDB
EPSS 0% CVSS 1.3
LOW PATCH Monitor

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point.

Buffer Overflow Heap Overflow Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

JWT algorithm confusion in MinIO's OpenID Connect authentication enables attackers with knowledge of the OIDC ClientSecret to forge identity tokens and obtain S3 credentials with unrestricted IAM policies, including administrative access. Affected users can have their identities impersonated and their data accessed, modified, or deleted with 100% attack success rate. The vulnerability impacts MinIO deployments across Docker, Apple, and Microsoft platforms, with no patch currently available.

Information Disclosure Docker Apple +2
NVD GitHub VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

The BulkEmbed plugin in AVideo fails to validate thumbnail URLs in its save endpoint, allowing authenticated attackers to conduct Server-Side Request Forgery (SSRF) attacks and retrieve responses from internal network resources. An attacker can supply malicious URLs via the bulk embed feature to force the server to make HTTP requests to internal systems and view the cached thumbnail responses. This vulnerability affects PHP-based AVideo installations and requires authentication to exploit.

PHP SSRF Google +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The AVideo Scheduler plugin fails to validate callback URLs against Server-Side Request Forgery (SSRF) protections, allowing authenticated administrators to configure scheduled tasks that make HTTP requests to internal networks, cloud metadata services, and private IP ranges. An attacker with admin access can retrieve AWS/GCP/Azure instance metadata credentials (including IAM role tokens) or probe internal APIs not exposed to the internet. A proof-of-concept exists demonstrating credential extraction from AWS metadata endpoints at 169.254.169.254.

SSRF PHP Privilege Escalation +1
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Command injection in OpenClaw versions before 2026.2.19 allows local attackers with limited privileges to execute arbitrary commands when the Lobster extension tool falls back to Windows shell execution after subprocess failures. The vulnerability exists because the tool uses shell: true after spawn errors, enabling attackers to inject shell metacharacters into command arguments. A patch is available for affected users.

Command Injection Microsoft Windows
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

OpenClaw versions prior to 2026.3.1 contain a current working directory (cwd) injection vulnerability in Windows wrapper resolution for .cmd/.bat files that allows local attackers to manipulate command execution through directory control during shell fallback mechanisms. An authenticated local attacker with low privileges can exploit this vulnerability to achieve command execution integrity loss by controlling the working directory, potentially leading to unauthorized code execution or privilege escalation. While no active in-the-wild exploitation has been reported in KEV databases, the vulnerability is documented with a proof-of-concept available through the vendor's security advisory on GitHub.

Command Injection Microsoft Openclaw +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.19 allow local attackers with limited privileges to execute arbitrary commands through the Lobster extension's Windows shell fallback mechanism by injecting malicious arguments into workflow processes. The vulnerability exploits cmd.exe command interpretation when spawn operations fail and trigger shell execution, enabling command injection with potential impact on system integrity and availability. A patch is available for affected versions.

Command Injection Microsoft Openclaw +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

OpenClaw contains a local command injection vulnerability in Windows scheduled task script generation that allows authenticated local attackers to inject arbitrary commands through unsafe handling of cmd metacharacters and CR/LF sequences in gateway.cmd files. OpenClaw versions prior to 2026.2.19 are affected. Attackers with control over service script generation arguments can execute unintended code in the scheduled task context with high impact to integrity and availability.

Command Injection Microsoft Openclaw +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

OpenClaw versions before 2026.2.19 allow local authenticated users to execute arbitrary commands by injecting shell metacharacters into environment variable values during Windows Scheduled Task script generation. The vulnerability stems from unquoted variable assignments in gateway.cmd that fail to sanitize special characters like &, |, ^, %, and !, enabling command injection when the task script runs. A patch is available to address this local privilege escalation risk.

Command Injection Microsoft Openclaw +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

A security vulnerability in Microsoft .NET 8.0 (CVSS 7.5) that allows a remote attacker. High severity vulnerability requiring prompt remediation.

Microsoft Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Budibase, a low-code platform distributed as a Docker/Kubernetes application, contains a Server-Side Request Forgery (SSRF) vulnerability in its REST datasource query preview endpoint. Authenticated admin users can force the server to make HTTP requests to arbitrary URLs including cloud metadata services, internal networks, and Kubernetes APIs. A detailed proof-of-concept exists demonstrating theft of GCP OAuth2 tokens with cloud-platform scope, CouchDB credential extraction, and internal service enumeration. The CVSS score of 8.7 reflects high confidentiality and integrity impact with changed scope, requiring high privileges but low attack complexity.

Microsoft Redis Google +3
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

A path traversal vulnerability in A Path Traversal vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.

Microsoft Path Traversal Denial Of Service +2
NVD GitHub VulDB
Prev Page 21 of 193 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy