Lucene search
+L
CvelistRecent

366819 matches found

cvelist
cvelist
added 2 hours ago4 views

CVE-2026-14956 Bricksforge <= 3.1.8.6 - Unauthenticated Privilege Escalation via Pro Forms fieldIds Parameter

The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.1.8.6. This is due to improper validation of the fieldIds parameter in the Pro Forms registration action, which allows attacker-supplied field IDs to be added to the trusted form-fie...

9.8CVSS
Exploits0References2
cvelist
cvelist
added 2 hours ago6 views

CVE-2026-2594 Smart Custom Fields <= 5.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title

The Smart Custom Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.0.7. This is due to insufficient input sanitization and output escaping of uploaded image attachment titles. This makes it possible for authenticated attackers, with...

6.4CVSS
Exploits0References3
cvelist
cvelist
added 3 hours ago5 views

CVE-2026-62387 Grav < 1.0.0-rc.16 CORS Misconfiguration via API Plugin

The Grav API plugin getgrav/grav-plugin-api before 1.0.0-rc.16 shipped Access-Control-Allow-Origin: as its default CORS configuration on all responses, including authenticated endpoints and preflight OPTIONS responses. Because the plugin accepts credentials via the Authorization and X-API-Token...

7.1CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago6 views

CVE-2026-62241 clawvet < 0.7.5 Hard-coded JWT Secret Session Forgery

clawvet self-hosted API server apps/api before 0.7.5 hard-codes a fallback JWT secret 'clawvet-dev-secret-change-me' in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated...

9.3CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago8 views

CVE-2026-62386 Grav < 1.0.0-rc.16 Authentication Bypass via token URL Parameter

The Grav API plugin getgrav/grav-plugin-api before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route JwtAuthenticator::extractBearerToken fallback. Because tokens are embedded in URLs, they are logged verbatim in web server access logs, leaked via th...

8.2CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago5 views

CVE-2026-62238 OpenRemote < 1.26.0 SQL Injection via Crosstab Export

OpenRemote before 1.26.0 contain an authenticated SQL injection vulnerability in the datapoint crosstab export endpoint that constructs PostgreSQL queries by concatenating asset display names into raw SQL. An authenticated attacker with asset creation or rename permissions can inject SQL through...

7.2CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago6 views

CVE-2026-62236 grav-plugin-login < 3.8.11 CSRF via regenerate2FASecret

grav-plugin-login before 3.8.11 contains a cross-site request forgery CSRF vulnerability in the login.regenerate2FASecret frontend task, which regenerates and persists a new TOTP secret for the authenticated session user without any anti-CSRF nonce or Origin/Referer check. Because Grav core...

5.4CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago5 views

CVE-2026-62237 Grav < 2.0.4 ReDoS via regex_replace in Sandbox

Grav before 2.0.4 contains a regular expression denial of service ReDoS vulnerability in the regexreplace filter and function, which are allowlisted in the Twig content sandbox. When Twig processing in page content is enabled security.twigcontent.processenabled: true, disabled by default, an...

6.5CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago4 views

CVE-2026-62235 Grav Flex-Objects < 1.4.3 Authorization Bypass via API

Grav Flex-Objects before version 1.4.3 contains a broken access control vulnerability in the admin-next REST API that allows authenticated users with only api.access permission to perform unauthorized CRUD operations on permission-less directories. Attackers with api.access credentials can create...

6.3CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago4 views

CVE-2026-62233 grav-plugin-api < 1.0.6 Privilege Escalation via createApiKey

grav-plugin-api before 1.0.6 fails to validate super-admin status in createApiKey, generate2fa, and disable2fa endpoints, allowing non-super api.users.write managers to escalate to super-admin. Attackers can mint API keys bound to super-admin accounts or strip 2FA from super-admin users to achiev...

8.8CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago5 views

CVE-2026-62234 Grav < 2.0.4 SSRF via Unrestricted cURL Protocols

Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated users with api.webhooks.write permission to create webhooks with file://, dict://, or gopher:// URLs. Attackers can trigger webhook events to read local files, access process information, or pivot to...

8.4CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago4 views

CVE-2026-62232 Grav < 2.0.4 2FA Bypass via Secret Regeneration

Grav before 2.0.4 contains a two-factor authentication bypass vulnerability in the login plugin where the regenerate2FASecret task checks only user existence, not authorization, during the pending TOTP challenge window. Attackers who know the victim's password can call this task without a CSRF...

9.1CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62231 Grav < 1.0.6 API Key Scope Bypass via ApiKeyAuthenticator

The Grav API plugin getgrav/grav-plugin-api before 1.0.6 contains an authorization bypass: API keys can be created with a restricted scopes array, but the ApiKeyAuthenticator class never reads or enforces these scopes. It loads and returns the owning user's full account object, so a key created...

8.6CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62229 OpenClaw < 2026.5.18 Authorization Bypass via Glob Matching

OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized...

8.8CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62230 Grav < 2.0.4 File Access Bypass via Case Variation

Grav before 2.0.4 ships a default .htaccess and reference webserver-configs/htaccess.txt whose rules blocking access to sensitive file types .yaml, .php, .json, etc. lack the NC flag, making extension matching case-sensitive. On case-insensitive filesystems Windows/NTFS, macOS/HFS+, or Docker...

8.7CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62227 OpenClaw 2026.4.14 < 2026.5.26 SSRF via Browser Snapshot

OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail to validate post-navigation destinations. Attackers with lower-trust access can bypass OpenClaw policy checks to reach network destinations that should have been blocked...

7.7CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago4 views

CVE-2026-62228 OpenClaw < 2026.6.5 Authorization Bypass via Node Exec Approvals

OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals that allows lower-trust callers to execute actions beyond their intended authorization by using different gateway and node environments. Attackers can exploit mismatched environment configurations to...

8.8CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62226 OpenClaw 2026.3.28 < 2026.5.19 Authorization Bypass via Browser Act Route

OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to properly validate current-tab URL checks. Attackers with lower-trust access or configured input paths can perform actions requiring stronger authorization or policy checks...

8.5CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62225 OpenClaw < 2026.5.18 Authorization Bypass via Skill Command Dispatch

OpenClaw versions before 2026.5.18 contain an authorization bypass vulnerability in skill command dispatch that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can bypass tool policy restrictions through configured input paths to perform...

5.4CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62224 OpenClaw MS Teams < 2026.5.12 Authorization Bypass

OpenClaw MS Teams before 2026.5.12 contain an authorization bypass vulnerability where the allowFrom feature binds to mutable display names. Attackers with lower-trust access can perform actions requiring stronger authorization by exploiting the mutable display name binding in the affected featur...

5.4CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago6 views

CVE-2026-62223 OpenClaw < 2026.5.18 Authorization Bypass via Device-pair

OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in the device-pair approval feature that allows lower-trust callers to execute actions beyond their intended authorization. Attackers can exploit misconfigured input paths to execute or persist unauthorized actions when the...

8.8CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62222 OpenClaw < 2026.5.22 Untrusted Plugin Loading via Setup-mode

OpenClaw before 2026.5.22 contain a vulnerability in setup-mode discovery that allows loading of untrusted workspace plugins. Attackers with lower-trust caller access or control over configured input paths can execute or persist actions beyond their intended authorization level...

7.8CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago2 views

CVE-2026-62221 OpenClaw 2026.5.12 < 2026.5.26 Authorization Bypass via allowFrom

OpenClaw 2026.5.12 before 2026.5.26 contain an incorrect authorization vulnerability in the ClickClack allowFrom feature. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization,...

5.4CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62220 OpenClaw 2026.2.25 < 2026.5.26 WebSocket Rate Limit Bypass

OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller or configured input path to bypass non-browser rate limits on WebSocket authentication attempts. When the affected feature is enabled and reachable by lower-trust input, this can consume gateway resources and reduce service availabili...

6.3CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago2 views

CVE-2026-62219 OpenClaw 2026.2.12 < 2026.5.26 Authorization Bypass via Blank Agent IDs

OpenClaw 2026.2.12 before 2026.5.26 contain an authorization bypass vulnerability in the hooks allowedAgentIds validation. A lower-trust caller or configured input path can bypass agent ID restrictions by submitting blank agent IDs, allowing actions that should require stronger authorization or...

7.1CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago2 views

CVE-2026-62217 OpenClaw 2026.5.14-beta.1 < 2026.5.27 Authentication Bypass via exec approvals

OpenClaw 2026.5.14-beta.1 before 2026.5.27 contain an authorization flaw in the QQBot exec approvals feature. When the feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization, allowing...

8.8CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62218 OpenClaw 2026.1.20 < 2026.5.27 Authorization Bypass via device.pair.approve

OpenClaw 2026.1.20 before 2026.5.27 contain an authorization bypass vulnerability in the device.pair.approve feature that allows lower-trust callers to bypass role-management checks. Attackers can perform actions requiring stronger authorization by reaching the affected feature through configured...

8.8CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62216 OpenClaw 2026.4.20 < 2026.5.28 Policy Bypass via Media Upload

OpenClaw 2026.4.20 before 2026.5.28 contain a policy bypass in the QQBot media upload feature. A lower-trust caller or configured input path could cause the media upload to reach network destinations that should have been blocked by OpenClaw policy server-side request forgery. The practical impac...

5CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62214 OpenClaw < 2026.5.28 Bot Framework SSRF via serviceUrl Parameter Validation

OpenClaw versions before 2026.5.28 Bot Framework contains an improper input validation vulnerability that allows lower-trust callers to expose bot tokens and credentials by failing to properly validate serviceUrl parameters. Attackers can supply malicious serviceUrl values through configured inpu...

6.5CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago2 views

CVE-2026-62215 OpenClaw < 2026.6.5 Authentication Bypass via HTTP Canvas

OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability in HTTP Canvas responses that allows lower-trust callers to forge trusted A2UI actions. Attackers can perform actions requiring stronger authorization by submitting crafted requests through configured input paths,...

8CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62213 OpenClaw < 2026.5.27 Token Leakage via MS Teams Outbound Requests

OpenClaw versions before 2026.5.27 contain a token leakage vulnerability in MS Teams outbound requests that allows lower-trust callers to expose Bot Framework tokens. Attackers can access configured input paths to retrieve credentials that should remain within the trusted boundary...

6.5CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62211 OpenClaw < 2026.6.1 Credential Redaction Bypass via Trajectory Export

OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the trajectory export feature that allows lower-trust callers to access data that should remain within trusted boundaries. Attackers can exploit misconfigured input paths or feature accessibility to expose...

5CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago2 views

CVE-2026-62212 OpenClaw < 2026.5.28 Authentication Bypass via safeFetch

OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should hav...

7.1CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago2 views

CVE-2026-62210 OpenClaw < 2026.6.1 Denial of Service via Remote Media URLs

OpenClaw versions before 2026.6.1 contain a denial of service vulnerability where remote media URLs can trigger slow-read attacks that exhaust gateway worker resources. Attackers with access to configured input paths can supply remote media URLs that consume gateway resources and reduce...

6.5CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago2 views

CVE-2026-62208 OpenClaw < 2026.6.5 Authorization Header Forwarding via SSE

OpenClaw before 2026.6.5 could forward Authorization headers during MCP SSE redirects. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's...

6.5CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago2 views

CVE-2026-62209 OpenClaw 2026.5.10-beta.1 < 2026.6.5 Authorization Bypass via agent-mode dispatch

OpenClaw versions 2026.5.10-beta.1 before 2026.6.5 contain an authorization bypass in the ClickClack agent-mode dispatch feature, which could ignore the toolsAllow policy check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could perform actions...

8.1CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago2 views

CVE-2026-62207 OpenClaw < 2026.6.5 Authentication Bypass via Admin Tools

OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust callers to reach admin-scoped tools. Attackers can perform actions requiring stronger authorization by exploiting insufficient policy checks on configured input paths...

8.8CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago2 views

CVE-2026-62206 OpenClaw < 2026.6.9 Authentication Bypass via Moderation Actions

OpenClaw versions before 2026.6.9 contain a missing authorization vulnerability in Discord moderation actions. In affected versions, a lower-trust caller or configured input path could perform moderation actions that should have required a stronger authorization or policy check. Practical impact...

7.1CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago2 views

CVE-2026-62205 OpenClaw 2026.4.12-beta.1 < 2026.6.6 Authorization Bypass via message actions

OpenClaw versions 2026.4.12-beta.1 before 2026.6.6 contain a missing-authorization vulnerability in the MS Teams message actions feature. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path can perform actions that should have required a stronger...

7.1CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62203 OpenClaw < 2026.6.6 Environment Variable Injection via rustup

OpenClaw versions before 2026.6.6 contain an environment variable filtering vulnerability in host exec that fails to properly sanitize rustup startup variables. Attackers with lower-trust caller access or configured input paths can execute or persist actions beyond their intended authorization...

8.8CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago3 views

CVE-2026-62201 OpenClaw < 2026.6.6 Network Policy Bypass via exec-server

OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that...

7.7CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago2 views

CVE-2026-62202 OpenClaw 2026.6.1 < 2026.6.9 Privilege Escalation via Cron

OpenClaw versions 2026.6.1 before 2026.6.9 contain a privilege escalation vulnerability in isolated cron jobs that allows lower-trust callers to regain denied execution tools. Attackers can execute or persist actions beyond their intended authorization by leveraging misconfigured input paths in t...

8.8CVSS
Exploits0References2
cvelist
cvelist
added 3 hours ago2 views

CVE-2026-44251 Wazuh : size_t underflow in msgs.c ReadSecMSG causes wazuh-remoted DoS and potential heap overflow via crafted agent message

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 3.0.0 and above, prior to 4.14.5, a sizet integer underflow in oscrypto/shared/msgs.c:389 allows any enrolled Wazuh agent to crash the wazuh-remoted process on the manager, immediately...

6.5CVSS
Exploits0References1
cvelist
cvelist
added yesterday2 views

CVE-2026-40106 Wazuh: Heap-based Buffer Overflow in syscheck Registry Wildcard Expansion (LPE / DoS)

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.6.0 and above prior to 4.14.5 contain a heap-based buffer overflow vulnerability in the syscheck component of the Wazuh agent for Windows. When expanding registry paths containing wildcards or...

4.7CVSS
Exploits0References1
cvelist
cvelist
added yesterday5 views

CVE-2026-39359 Wazuh: Unauthenticated Path Traversal in authd via Agent Group Name

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 4.0.0 through 4.10.3 and 4.11.0 through 4.14.4, a logic flaw affects the Wazuh Manager's enrollment daemon authd and synchronization daemon remoted. The authd process allows agents to select ...

7.5CVSS
Exploits0References1
cvelist
cvelist
added yesterday6 views

CVE-2026-34150 Wazuh: Heap buffer overflow in wazuh-analysisd via rootcheck event parsing

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 1.0.0 and above, prior to 4.14.5, a heap buffer overflow in wazuh-analysisd allows an unauthenticated remote attacker to crash the Wazuh manager's analysis engine, causing complete loss of SI...

7.5CVSS
Exploits0References1
cvelist
cvelist
added yesterday5 views

CVE-2026-33754 Wazuh: Unauthenticated cluster packet length leads to uncontrolled memory allocation (remote DoS)

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 3.9.0 and above, prior to 4.14.5, a remote attacker can trigger memory exhaustion in the cluster protocol parser by sending a crafted message header with an arbitrarily large payload length...

6.5CVSS
Exploits0References1
cvelist
cvelist
added yesterday5 views

CVE-2026-33434 Wazuh: Rate Limit Bypass via /events Endpoint

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 4.6.0 and above, prior to 4.14.5, a logic error in CheckRateLimitsMiddleware.dispatch causes the /events endpoint rate check to unconditionally overwrite the general rate limit result. When t...

4.3CVSS
Exploits0References1
cvelist
cvelist
added yesterday4 views

CVE-2026-54340 h2o has HTTP/2 state amplification

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 9265bdd, there is an HTTP/2 state amplification issue that combines HPACK decompression amplification with Slowloris-style stream stalling. Amplified decoded header state can be retained by stalled HTTP/2 streams,...

7.5CVSS
Exploits0References2
cvelist
cvelist
added yesterday9 views

CVE-2026-44453 h2o is vulnerable to musl libc stack overflow

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 6b5370d, h2o is vulnerable to a Denial of Service attack when calling alloca under certain conditions. When serving static files, h2o builds the file path on stack, by calling alloca. The maximum size of the memor...

7.5CVSS0.00052EPSS
Exploits0References2
Total number of security vulnerabilities366819