CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2 hours ago•2 views

EUVD-2026-36608

OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attackers can reach the affected bundled MCP session-spawn path to start sessions with broader command...

6.9CVSS5.2AI score

NVD•added yesterday•4 views

CVE-2026-53827

6.5CVSS

NVD•added yesterday•6 views

CVE-2026-53820

6.9CVSS

Cvelist•added yesterday•9 views

CVE-2026-53827 OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding

6.5CVSS

Cvelist•added yesterday•9 views

CVE-2026-53820 OpenClaw < 2026.5.12 - Exec Denylist Bypass in Bundle MCP Loopback Session Spawn

6.9CVSS

EUVD•added yesterday•3 views

EUVD-2026-36588

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request...

6.4CVSS5.4AI score0.00042EPSS

Exploits0References1

NVD•added yesterday•6 views

CVE-2026-49993

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete fix for GHSA-6m52-m754-pw2g. Source code may still be stolen during dev when using the webpack /...

5.9CVSS0.00024EPSS

NVD•added yesterday•5 views

CVE-2026-45670

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...

5.9CVSS0.00022EPSS

Cvelist•added yesterday•10 views

CVE-2026-49993 @nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)

5.9CVSS0.00024EPSS

EUVD•added yesterday•3 views

EUVD-2026-36421

5.9CVSS5.2AI score0.00024EPSS

CVE•added yesterday•8 views

CVE-2026-49993

Nuxt (Vue.js) users using the @nuxt/rspack-builder and @nuxt/webpack-builder are affected. The CVE concerns an incomplete fix for GHSA-6m52-m754-pw2g in versions 3.15.4–3.21.6 and 4.0.0–4.4.6, where the dev server could leak source code if bound to a non-loopback address and a malicious site is o...

5.9CVSS5.3AI score0.00024EPSS

EUVD•added yesterday•3 views

EUVD-2026-36419

5.9CVSS5.2AI score0.00022EPSS

Vulnrichment•added yesterday•3 views

CVE-2026-45670 Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

5.9CVSS5.2AI score0.00022EPSS

CVE•added yesterday•17 views

CVE-2026-45670

Summary (CVE-2026-45670) Nuxt.js dev-server exposure issue affects @nuxt/webpack-builder and @nuxt/rspack-builder. An incomplete fix for GHSA-4gf7-ff8x-hq99 allowed source-code leakage when the dev server is bound to a non-loopback address (for example, nuxt dev --host) and a user visits a malici...

5.9CVSS5.2AI score0.00022EPSS

Cvelist•added yesterday•9 views

CVE-2026-45670 Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

5.9CVSS0.00022EPSS

Nuclei•added yesterday•31 views

Imgproxy < 3.27.2 - Server-Side Request Forgery (SSRF)

imgproxy contains an issue caused by not blocking the 0.0.0.0 address even when IMGPROXYALLOWLOOPBACKSOURCEADDRESSES is set to false, letting local services be exposed, exploit requires network access. id: CVE-2025-24354 info: name: Imgproxy 3.27.2 - Server-Side Request Forgery SSRF author:...

5.3CVSS6.9AI score0.02218EPSS