Export limit exceeded: 344976 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344976 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28395 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 6.5 Medium |
| OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in the Chrome extension (must be installed and enabled) relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl is configured. Remote attackers can access relay HTTP endpoints off-host to leak service presence and port information, or conduct denial-of-service and brute-force attacks against the relay token header. | ||||
| CVE-2026-28447 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 8.1 High |
| OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files outside the intended installation directory when victims run the plugins install command. | ||||
| CVE-2026-28448 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 7.3 High |
| OpenClaw versions 2026.1.29 prior to 2026.2.1 contain a vulnerability in the Twitch plugin (must be installed and enabled) in which it fails to enforce the allowFrom allowlist when allowedRoles is unset or empty, allowing unauthorized Twitch users to trigger agent dispatch. Remote attackers can mention the bot in Twitch chat to bypass access control and invoke the agent pipeline, potentially causing unintended actions or resource exhaustion. | ||||
| CVE-2026-28450 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 6.8 Medium |
| OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import that allow reading and modifying Nostr profiles without gateway authentication. Remote attackers can exploit these endpoints to read sensitive profile data, modify Nostr profiles, persist malicious changes to gateway configuration, and publish signed Nostr events using the bot's private key when the gateway HTTP port is accessible beyond localhost. | ||||
| CVE-2026-28451 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 8.3 High |
| OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls through direct manipulation or prompt injection to trigger requests to internal services and re-upload responses as Feishu media. | ||||
| CVE-2026-28454 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 7.5 High |
| OpenClaw versions prior to 2026.2.2 fail to validate webhook secrets in Telegram webhook mode (must be enabled), allowing unauthenticated HTTP POST requests to the webhook endpoint that trust attacker-controlled JSON payloads. Remote attackers can forge Telegram updates by spoofing message.from.id and chat.id fields to bypass sender allowlists and execute privileged bot commands. | ||||
| CVE-2026-28457 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 6.1 Medium |
| OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring (must be enabled) that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences like ../ or absolute paths in the name field can write files outside the sandbox workspace root directory. | ||||
| CVE-2026-28459 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 7.1 High |
| OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append data repeatedly, potentially causing configuration corruption or denial of service. | ||||
| CVE-2026-28462 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 7.5 High |
| OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST /trace/stop, POST /wait/download, and POST /download endpoints to write files outside intended temp roots. | ||||
| CVE-2026-28464 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 5.9 Medium |
| OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually determine the authentication token. | ||||
| CVE-2026-28466 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 9.9 Critical |
| OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject approval control fields to execute arbitrary commands on connected node hosts, potentially compromising developer workstations and CI runners. | ||||
| CVE-2026-31049 | 1 Hostbillapp | 1 Hostbill | 2026-04-16 | 9.8 Critical |
| An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field | ||||
| CVE-2025-61260 | 1 Openai | 1 Codex | 2026-04-16 | 9.8 Critical |
| A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers to embed arbitrary commands that execute immediately. | ||||
| CVE-2026-30480 | 1 Librenms | 1 Librenms | 2026-04-16 | N/A |
| A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter. | ||||
| CVE-2025-69893 | 1 Satoshilabs | 3 Trezor One, Trezor Safe, Trezor T | 2026-04-16 | N/A |
| A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched. | ||||
| CVE-2025-65133 | 1 Manikandan580 | 1 School Management System | 2026-04-16 | N/A |
| A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information. | ||||
| CVE-2026-38533 | 1 Snipeitapp | 1 Snipe-it | 2026-04-16 | N/A |
| An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request. | ||||
| CVE-2025-70023 | 1 Transloadit | 1 Uppy | 2026-04-16 | N/A |
| An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6. | ||||
| CVE-2026-31908 | 1 Apache | 1 Apisix | 2026-04-16 | N/A |
| Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue. | ||||
| CVE-2026-5754 | 1 Radware | 1 Alteon | 2026-04-16 | N/A |
| Reflected Cross-Site Scripting (XSS) Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions, data theft, or other malicious activities. | ||||