Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-53856 |
|
Vulnerability in openclaw (CVE-2026-53856)
vulnerability in openclaw (CVE-2026-53856). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.24` or later.
|
| CVE-2026-53855 |
|
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
|
| CVE-2026-53854 |
|
Authorization Flaw in openclaw (CVE-2026-53854)
vulnerability in openclaw (CVE-2026-53854). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-53852 |
|
Vulnerability in openclaw (CVE-2026-53852)
vulnerability in openclaw (CVE-2026-53852). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-53851 |
|
Vulnerability in openclaw (CVE-2026-53851)
vulnerability in openclaw (CVE-2026-53851). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
|
| CVE-2026-53850 |
|
Vulnerability in openclaw (CVE-2026-53850)
vulnerability in openclaw (CVE-2026-53850). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-53849 |
|
OpenClaw: Discord allowFrom could bind to mutable display names
OpenClaw: Discord allowFrom could bind to mutable display names
|
| CVE-2026-53853 |
|
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
|
| CVE-2026-53848 |
|
OS Command Injection in openclaw (CVE-2026-53848)
OS command injection in openclaw (CVE-2026-53848). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.26` or later.
|
| CVE-2026-53847 |
|
Vulnerability in openclaw (CVE-2026-53847)
vulnerability in openclaw (CVE-2026-53847). Risk of unauthorized operations or information disclosure. Exploitable via ``operator.write``. Mitigation: upgrade to `2026.5.6` or later.
|
| CVE-2026-53846 |
|
Vulnerability in openclaw (CVE-2026-53846)
vulnerability in openclaw (CVE-2026-53846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
|
| CVE-2026-53845 |
|
Vulnerability in openclaw (CVE-2026-53845)
vulnerability in openclaw (CVE-2026-53845). Risk of unauthorized operations or information disclosure. Exploitable via ``runBeforeToolCallHook``. Mitigation: upgrade to `2026.5.6` or later.
|
| CVE-2026-53844 |
|
Vulnerability in openclaw (CVE-2026-53844)
vulnerability in openclaw (CVE-2026-53844). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
|
| CVE-2026-53843 |
|
OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority
|
| CVE-2026-53842 |
|
Vulnerability in openclaw (CVE-2026-53842)
vulnerability in openclaw (CVE-2026-53842). Confidential information can be exposed externally. Exploitable via ``gcloud``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53841 |
|
Cross-Site Scripting (XSS) in openclaw (CVE-2026-53841)
cross-site scripting in openclaw (CVE-2026-53841). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
|
| CVE-2026-53840 |
|
Vulnerability in openclaw (CVE-2026-53840)
vulnerability in openclaw (CVE-2026-53840). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.12` or later.
|
| CVE-2026-50656 |
|
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
|
| CVE-2026-47927 |
|
Out-of-Bounds Read in adobe (CVE-2026-47927)
vulnerability in adobe (CVE-2026-47927). Confidential information can be exposed externally.
|
| CVE-2026-47934 |
|
Out-of-Bounds Read in adobe (CVE-2026-47934)
vulnerability in adobe (CVE-2026-47934). Confidential information can be exposed externally.
|
| CVE-2026-47963 |
|
Out-of-Bounds Read in adobe (CVE-2026-47963)
vulnerability in adobe (CVE-2026-47963). Confidential information can be exposed externally.
|
| CVE-2026-47964 |
|
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow...
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow...
|
| CVE-2026-49401 |
|
Vulnerability in deno (CVE-2026-49401)
vulnerability in deno (CVE-2026-49401). Data can be tampered with by attackers. Mitigation: upgrade to `2.7.14` or later.
|
| CVE-2026-49402 |
|
OS Command Injection in deno (CVE-2026-49402)
OS command injection in deno (CVE-2026-49402). Successful exploitation can lead to full system takeover. Exploitable via ``spawn``. Mitigation: upgrade to `2.7.10` or later.
|
| CVE-2026-54311 |
|
Vulnerability in n8n (CVE-2026-54311)
vulnerability in n8n (CVE-2026-54311). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54306 |
|
Vulnerability in n8n (CVE-2026-54306)
vulnerability in n8n (CVE-2026-54306). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54301 |
|
Cross-Site Scripting (XSS) in n8n (CVE-2026-54301)
cross-site scripting in n8n (CVE-2026-54301). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54308 |
|
Vulnerability in n8n (CVE-2026-54308)
vulnerability in n8n (CVE-2026-54308). Risk of unauthorized operations or information disclosure. Exploitable via ``MicrosoftAgent365Trigger``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54313 |
|
SQL Injection in n8n (CVE-2026-54313)
SQL injection in n8n (CVE-2026-54313). Data can be tampered with by attackers. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
|
| CVE-2026-54310 |
|
SQL Injection in n8n (CVE-2026-54310)
SQL injection in n8n (CVE-2026-54310). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-49465 |
|
Path Traversal in n8n (CVE-2026-49465)
path traversal in n8n (CVE-2026-49465). Confidential information can be exposed externally. Exploitable via ``N8N_RESTRICT_FILE_ACCESS_TO``. Mitigation: upgrade to `2.21.8` or later.
|
| CVE-2026-49444 |
|
Vulnerability in n8n (CVE-2026-49444)
vulnerability in n8n (CVE-2026-49444). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.21.8` or later.
|
| CVE-2026-48520 |
|
Vulnerability in langflow (CVE-2026-48520)
vulnerability in langflow (CVE-2026-48520). Confidential information can be exposed externally. Exploitable via ``files``. Mitigation: upgrade to `1.10.0` or later.
|
| CVE-2026-48519 |
|
Code Injection in langflow (CVE-2026-48519)
code injection in langflow (CVE-2026-48519). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.9.2` or later.
|
| CVE-2026-42867 |
|
Path Traversal in langflow (CVE-2026-42867)
path traversal in langflow (CVE-2026-42867). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-33760 |
|
Vulnerability in langflow (CVE-2026-33760)
vulnerability in langflow (CVE-2026-33760). Successful exploitation can lead to full system takeover. Exploitable via `GET /monitor/messages`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2024-22451 |
|
Vulnerability in dell (CVE-2024-22451)
vulnerability in dell (CVE-2024-22451). Successful exploitation can lead to full system takeover.
|
| CVE-2024-22447 |
|
Vulnerability in dell (CVE-2024-22447)
vulnerability in dell (CVE-2024-22447). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53899 |
|
Vulnerability in mozilla (CVE-2026-53899)
vulnerability in mozilla (CVE-2026-53899). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53900 |
|
Vulnerability in mozilla (CVE-2026-53900)
vulnerability in mozilla (CVE-2026-53900). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12323 |
|
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152.
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152.
|
| CVE-2026-12324 |
|
Vulnerability in mozilla (CVE-2026-12324)
vulnerability in mozilla (CVE-2026-12324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12325 |
|
Vulnerability in mozilla (CVE-2026-12325)
vulnerability in mozilla (CVE-2026-12325). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12326 |
|
Buffer Overflow in mozilla (CVE-2026-12326)
vulnerability in mozilla (CVE-2026-12326). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12327 |
|
Buffer Overflow in mozilla (CVE-2026-12327)
vulnerability in mozilla (CVE-2026-12327). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12328 |
|
Vulnerability in mozilla (CVE-2026-12328)
vulnerability in mozilla (CVE-2026-12328). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12329 |
|
Memory safety bug fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12.
Memory safety bug fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12.
|
| CVE-2026-12330 |
|
Buffer Overflow in mozilla (CVE-2026-12330)
vulnerability in mozilla (CVE-2026-12330). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12314 |
|
Buffer Overflow in mozilla (CVE-2026-12314)
vulnerability in mozilla (CVE-2026-12314). Confidential information can be exposed externally.
|
| CVE-2026-12315 |
|
Vulnerability in mozilla (CVE-2026-12315)
vulnerability in mozilla (CVE-2026-12315). Confidential information can be exposed externally.
|