Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Clear
ID Title
CVE-2026-53856 Vulnerability in openclaw (CVE-2026-53856)
vulnerability in openclaw (CVE-2026-53856). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.24` or later.
CVE-2026-53855 OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
CVE-2026-53854 Authorization Flaw in openclaw (CVE-2026-53854)
vulnerability in openclaw (CVE-2026-53854). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
CVE-2026-53852 Vulnerability in openclaw (CVE-2026-53852)
vulnerability in openclaw (CVE-2026-53852). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.25` or later.
CVE-2026-53851 Vulnerability in openclaw (CVE-2026-53851)
vulnerability in openclaw (CVE-2026-53851). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
CVE-2026-53850 Vulnerability in openclaw (CVE-2026-53850)
vulnerability in openclaw (CVE-2026-53850). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
CVE-2026-53849 OpenClaw: Discord allowFrom could bind to mutable display names
OpenClaw: Discord allowFrom could bind to mutable display names
CVE-2026-53853 OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
CVE-2026-53848 OS Command Injection in openclaw (CVE-2026-53848)
OS command injection in openclaw (CVE-2026-53848). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.26` or later.
CVE-2026-53847 Vulnerability in openclaw (CVE-2026-53847)
vulnerability in openclaw (CVE-2026-53847). Risk of unauthorized operations or information disclosure. Exploitable via ``operator.write``. Mitigation: upgrade to `2026.5.6` or later.
CVE-2026-53846 Vulnerability in openclaw (CVE-2026-53846)
vulnerability in openclaw (CVE-2026-53846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
CVE-2026-53845 Vulnerability in openclaw (CVE-2026-53845)
vulnerability in openclaw (CVE-2026-53845). Risk of unauthorized operations or information disclosure. Exploitable via ``runBeforeToolCallHook``. Mitigation: upgrade to `2026.5.6` or later.
CVE-2026-53844 Vulnerability in openclaw (CVE-2026-53844)
vulnerability in openclaw (CVE-2026-53844). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
CVE-2026-53843 OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority
CVE-2026-53842 Vulnerability in openclaw (CVE-2026-53842)
vulnerability in openclaw (CVE-2026-53842). Confidential information can be exposed externally. Exploitable via ``gcloud``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53841 Cross-Site Scripting (XSS) in openclaw (CVE-2026-53841)
cross-site scripting in openclaw (CVE-2026-53841). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
CVE-2026-53840 Vulnerability in openclaw (CVE-2026-53840)
vulnerability in openclaw (CVE-2026-53840). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.12` or later.
CVE-2026-50656 Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
CVE-2026-47927 Out-of-Bounds Read in adobe (CVE-2026-47927)
vulnerability in adobe (CVE-2026-47927). Confidential information can be exposed externally.
CVE-2026-47934 Out-of-Bounds Read in adobe (CVE-2026-47934)
vulnerability in adobe (CVE-2026-47934). Confidential information can be exposed externally.
CVE-2026-47963 Out-of-Bounds Read in adobe (CVE-2026-47963)
vulnerability in adobe (CVE-2026-47963). Confidential information can be exposed externally.
CVE-2026-47964 DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow...
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow...
CVE-2026-49401 Vulnerability in deno (CVE-2026-49401)
vulnerability in deno (CVE-2026-49401). Data can be tampered with by attackers. Mitigation: upgrade to `2.7.14` or later.
CVE-2026-49402 OS Command Injection in deno (CVE-2026-49402)
OS command injection in deno (CVE-2026-49402). Successful exploitation can lead to full system takeover. Exploitable via ``spawn``. Mitigation: upgrade to `2.7.10` or later.
CVE-2026-54311 Vulnerability in n8n (CVE-2026-54311)
vulnerability in n8n (CVE-2026-54311). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54306 Vulnerability in n8n (CVE-2026-54306)
vulnerability in n8n (CVE-2026-54306). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54301 Cross-Site Scripting (XSS) in n8n (CVE-2026-54301)
cross-site scripting in n8n (CVE-2026-54301). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54308 Vulnerability in n8n (CVE-2026-54308)
vulnerability in n8n (CVE-2026-54308). Risk of unauthorized operations or information disclosure. Exploitable via ``MicrosoftAgent365Trigger``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54313 SQL Injection in n8n (CVE-2026-54313)
SQL injection in n8n (CVE-2026-54313). Data can be tampered with by attackers. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
CVE-2026-54310 SQL Injection in n8n (CVE-2026-54310)
SQL injection in n8n (CVE-2026-54310). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-49465 Path Traversal in n8n (CVE-2026-49465)
path traversal in n8n (CVE-2026-49465). Confidential information can be exposed externally. Exploitable via ``N8N_RESTRICT_FILE_ACCESS_TO``. Mitigation: upgrade to `2.21.8` or later.
CVE-2026-49444 Vulnerability in n8n (CVE-2026-49444)
vulnerability in n8n (CVE-2026-49444). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.21.8` or later.
CVE-2026-48520 Vulnerability in langflow (CVE-2026-48520)
vulnerability in langflow (CVE-2026-48520). Confidential information can be exposed externally. Exploitable via ``files``. Mitigation: upgrade to `1.10.0` or later.
CVE-2026-48519 Code Injection in langflow (CVE-2026-48519)
code injection in langflow (CVE-2026-48519). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.9.2` or later.
CVE-2026-42867 Path Traversal in langflow (CVE-2026-42867)
path traversal in langflow (CVE-2026-42867). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-33760 Vulnerability in langflow (CVE-2026-33760)
vulnerability in langflow (CVE-2026-33760). Successful exploitation can lead to full system takeover. Exploitable via `GET /monitor/messages`. Mitigation: upgrade to `1.9.0` or later.
CVE-2024-22451 Vulnerability in dell (CVE-2024-22451)
vulnerability in dell (CVE-2024-22451). Successful exploitation can lead to full system takeover.
CVE-2024-22447 Vulnerability in dell (CVE-2024-22447)
vulnerability in dell (CVE-2024-22447). Successful exploitation can lead to full system takeover.
CVE-2026-53899 Vulnerability in mozilla (CVE-2026-53899)
vulnerability in mozilla (CVE-2026-53899). Risk of unauthorized operations or information disclosure.
CVE-2026-53900 Vulnerability in mozilla (CVE-2026-53900)
vulnerability in mozilla (CVE-2026-53900). Risk of unauthorized operations or information disclosure.
CVE-2026-12323 Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152.
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152.
CVE-2026-12324 Vulnerability in mozilla (CVE-2026-12324)
vulnerability in mozilla (CVE-2026-12324). Risk of unauthorized operations or information disclosure.
CVE-2026-12325 Vulnerability in mozilla (CVE-2026-12325)
vulnerability in mozilla (CVE-2026-12325). Risk of unauthorized operations or information disclosure.
CVE-2026-12326 Buffer Overflow in mozilla (CVE-2026-12326)
vulnerability in mozilla (CVE-2026-12326). Successful exploitation can lead to full system takeover.
CVE-2026-12327 Buffer Overflow in mozilla (CVE-2026-12327)
vulnerability in mozilla (CVE-2026-12327). Successful exploitation can lead to full system takeover.
CVE-2026-12328 Vulnerability in mozilla (CVE-2026-12328)
vulnerability in mozilla (CVE-2026-12328). Successful exploitation can lead to full system takeover.
CVE-2026-12329 Memory safety bug fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12.
Memory safety bug fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12.
CVE-2026-12330 Buffer Overflow in mozilla (CVE-2026-12330)
vulnerability in mozilla (CVE-2026-12330). Risk of unauthorized operations or information disclosure.
CVE-2026-12314 Buffer Overflow in mozilla (CVE-2026-12314)
vulnerability in mozilla (CVE-2026-12314). Confidential information can be exposed externally.
CVE-2026-12315 Vulnerability in mozilla (CVE-2026-12315)
vulnerability in mozilla (CVE-2026-12315). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →