Lucene search
+L
VulnrichmentRecent

163634 matches found

vulnrichment
vulnrichment
•added 2026/06/14 6:0 a.m.•6 views

CVE-2025-15546 Iptanus File Upload < 5.1.7 - File Overwrite via Race Condition

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

6AI score0.00159EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/14 3:49 a.m.•9 views

CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS5.2AI score0.00291EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/14 3:23 a.m.•9 views

CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS5.3AI score0.01261EPSS
Exploits3References2
vulnrichment
vulnrichment
•added 2026/06/13 11:15 p.m.•9 views

CVE-2026-12176 SourceCodester CET Automated Grading System with AI Predictive Analytics index.php cross site scripting

A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out...

5.3CVSS3.6AI score0.00265EPSS
Exploits0References5
vulnrichment
vulnrichment
•added 2026/06/13 10:45 p.m.•10 views

CVE-2026-12175 CodeAstro Student Attendance Management System createStudents.php sql injection

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is...

5.8CVSS5.1AI score0.00214EPSS
Exploits0References6
vulnrichment
vulnrichment
•added 2026/06/13 8:15 p.m.•13 views

CVE-2026-12174 D-Link DCS-935L HTTP rhea snprintf format string

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has...

9CVSS7.6AI score0.00582EPSS
Exploits0References6
vulnrichment
vulnrichment
•added 2026/06/13 5:36 p.m.•11 views

CVE-2026-12183

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability CWE-287 in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...

9.8CVSS5.6AI score0.00548EPSS
Exploits0References4
vulnrichment
vulnrichment
•added 2026/06/13 4:34 p.m.•7 views

CVE-2026-6428

SQL Injection in reports/catalogueout.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary da...

7.6CVSS6AI score0.00244EPSS
Exploits0References3
vulnrichment
vulnrichment
•added 2026/06/13 11:25 a.m.•11 views

CVE-2026-5513 Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.5AI score0.00312EPSS
Exploits1References2
vulnrichment
vulnrichment
•added 2026/06/13 8:38 a.m.•11 views

CVE-2026-11624

The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced...

9.4CVSS5.3AI score0.00153EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/13 8:29 a.m.•8 views

CVE-2026-1291 Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...

4.3CVSS5.3AI score0.00214EPSS
Exploits0References6
vulnrichment
vulnrichment
•added 2026/06/13 7:51 a.m.•8 views

CVE-2026-2470 Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts'

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...

4.3CVSS5.4AI score0.00204EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/13 7:51 a.m.•8 views

CVE-2026-9629 Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References6
vulnrichment
vulnrichment
•added 2026/06/13 7:51 a.m.•9 views

CVE-2026-3297 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Anchor Block

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

6.4CVSS5.5AI score0.00155EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/13 6:47 a.m.•9 views

CVE-2026-9134 Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributekey' shortcode parameter in versions up to, and including, 3.1.31 This is due to an incomplete JavaScript event handler blacklist in the foogallerysanitizejavascript function, which blocks onl...

6.4CVSS5.5AI score0.00203EPSS
Exploits0References5
vulnrichment
vulnrichment
•added 2026/06/13 6:0 a.m.•9 views

CVE-2026-9061 Agile Store Locator < 1.6.9 - Admin+ Stored XSS via logo_name

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

5.2AI score0.00145EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/13 6:0 a.m.•9 views

CVE-2026-9062 Agile Store Locator < 1.6.9 - Admin+ Arbitrary File Read via Path Traversal

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary .php files from the server, including configuration files that contain database credentials and authentication keys...

5.5AI score0.00248EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/13 5:32 a.m.•8 views

CVE-2026-9109 GPTranslate <= 2.31 - Unauthenticated Stored Cross-Site Scripting via REST API Translation Storage

The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping...

7.2CVSS5.5AI score0.00316EPSS
Exploits0References12
vulnrichment
vulnrichment
•added 2026/06/13 4:17 a.m.•9 views

CVE-2026-11769 Operator - Namespaced User Path Traversal

We have released version 5.24.0 of the Grafana Operator. This patch includes a MEDIUM severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templating...

6.4CVSS6.1AI score0.00361EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/13 2:34 a.m.•7 views

CVE-2026-54231 Abrt: unsanitized systemd journal content written to dump directory files enables content injection

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

5.5CVSS5.3AI score0.00116EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/13 2:34 a.m.•8 views

CVE-2026-54230 Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the ONOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and...

7CVSS5.5AI score0.0014EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/13 2:34 a.m.•9 views

CVE-2026-54229 Abrt: chownproblemdir succeeds during active post-create event processing due to inadequate locking

A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DDOPENREADONLY and calls ddchown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows ...

7CVSS5.3AI score0.00091EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/13 2:34 a.m.•9 views

CVE-2026-54228 Abrt: toctou race condition in abrt-dbus setelement allows arbitrary file writes to dump directories

A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package...

7.8CVSS5.4AI score0.00103EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/13 2:29 a.m.•8 views

CVE-2026-12089 WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read

The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combinecurrentcss function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...

4.9CVSS5.5AI score0.00336EPSS
Exploits0References3
vulnrichment
vulnrichment
•added 2026/06/12 11:4 p.m.•8 views

CVE-2026-11443 Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability

Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to execute arbitrary script on affected installations of Allegra. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

4.6CVSS5.7AI score0.00225EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/12 11:4 p.m.•10 views

CVE-2026-11442 Allegra exportReport Directory Traversal Information Disclosure Vulnerability

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

6.5CVSS5.3AI score0.01254EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/12 10:19 p.m.•7 views

CVE-2026-12068 Avira Password Manager credential disclosure via cross-origin autofill in Firefox

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when...

7.4CVSS5.4AI score0.00263EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:16 p.m.•10 views

CVE-2026-6676 Avira antivirus engine heap buffer OOB write when scanning a malformed POSIX tar archive

Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before...

7.8CVSS5.7AI score0.00122EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:16 p.m.•8 views

CVE-2025-14098 Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable file

Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux...

7.8CVSS5.8AI score0.00122EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:15 p.m.•7 views

CVE-2025-9033 Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 3)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.76...

7.8CVSS5.7AI score0.00122EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:14 p.m.•8 views

CVE-2025-9032 Avira antivirus engine heap buffer OOB read when scanning a malformed PE file

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70....

7.8CVSS5.6AI score0.00122EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:14 p.m.•9 views

CVE-2025-7019 Avast antivirus stack overflow when scanning a malformed Office Open XML file

Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus...

5.5CVSS5.4AI score0.00113EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:13 p.m.•9 views

CVE-2025-7018 Avira antivirus engine null pointer dereference when scanning a malformed PE file

Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:13 p.m.•8 views

CVE-2025-7017 Avira antivirus engine heap buffer OOB read when scanning a malformed Windows MSI file

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before...

7.8CVSS5.7AI score0.00131EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:12 p.m.•10 views

CVE-2025-7011 Avast antivirus heap OOB when scanning a malformed zip file

Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus ...

7.8CVSS5.5AI score0.00146EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:11 p.m.•10 views

CVE-2025-7010 Avast antivirus stack overflow when scanning a malformed PDF file

Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, an...

5.5CVSS5.5AI score0.00113EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:10 p.m.•8 views

CVE-2025-7009 Avast antivirus heap buffer OOB read when scanning a malformed PE file

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus o...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:9 p.m.•7 views

CVE-2025-7008 Avast antivirus heap buffer OOB read when scanning a malformed PE file

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:8 p.m.•8 views

CVE-2025-7006 Avast antivirus use of stack memory after free when scanning a malformed PE file

Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux...

5.5CVSS5.4AI score0.00111EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:7 p.m.•8 views

CVE-2025-7005 Avast antivirus infinite recursion when scanning a malformed PE file

Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for vir...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:4 p.m.•9 views

CVE-2025-7004 Avast antivirus heap buffer OOB write when scanning a malformed PE file

Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus ...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 10:2 p.m.•8 views

CVE-2025-7003 Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 1)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56...

7.8CVSS5.7AI score0.00131EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 9:59 p.m.•10 views

CVE-2025-7002 Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68...

7.8CVSS5.7AI score0.00131EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 9:57 p.m.•6 views

CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

5.3AI score0.00118EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/12 9:57 p.m.•6 views

CVE-2026-53868 Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...

8.7CVSS5.5AI score0.00258EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/12 9:57 p.m.•16 views

CVE-2026-53867 Capgo < 12.128.2 - Orphaned File Retention via Profile Image Replacement

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content...

5.3CVSS5.2AI score0.00183EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/12 9:57 p.m.•9 views

CVE-2026-53839 OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation

OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoin...

6.5CVSS5.3AI score0.00265EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/12 9:57 p.m.•9 views

CVE-2026-53838 OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection

OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing approval...

9.8CVSS5.2AI score0.00221EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/12 9:57 p.m.•8 views

CVE-2026-53837 OpenClaw < 2026.5.6 - Missing Channel Type Validation in Mattermost Event Handlers

OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM policy decisions by sending crafted Mattermost events missing channel type information to process restricted conte...

6.3CVSS5.2AI score0.00189EPSS
Exploits0References2
vulnrichment
vulnrichment
•added 2026/06/12 9:56 p.m.•11 views

CVE-2026-53835 OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding...

4.3CVSS5.3AI score0.00166EPSS
Exploits0References2
Total number of security vulnerabilities163634