Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-53853 |
|
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
|
| CVE-2026-53854 |
|
Authorization Flaw in openclaw (CVE-2026-53854)
vulnerability in openclaw (CVE-2026-53854). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-53855 |
|
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
|
| CVE-2026-49983 |
|
Authorization Flaw in deno (CVE-2026-49983)
vulnerability in deno (CVE-2026-49983). Risk of unauthorized operations or information disclosure. Exploitable via ``env``. Mitigation: upgrade to `2.8.1` or later.
|
| CVE-2026-5149 |
|
Authorization Flaw in wordpress (CVE-2026-5149)
vulnerability in wordpress (CVE-2026-5149). Confidential information can be exposed externally.
|
| CVE-2026-54281 |
|
Authorization Flaw in @nestjs/platform-fastify (CVE-2026-54281)
vulnerability in @nestjs/platform-fastify (CVE-2026-54281). Risk of unauthorized operations or information disclosure. Exploitable via `GET /resource`. Mitigation: upgrade to `11.1.24` or later.
|
| CVE-2026-47777 |
|
Vulnerability in CVE-2026-47777 (CVE-2026-47777)
vulnerability in CVE-2026-47777 (CVE-2026-47777). Data can be tampered with by attackers.
|
| CVE-2016-20075 |
|
Authorization Flaw in wordpress (CVE-2016-20075)
vulnerability in wordpress (CVE-2016-20075). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34023 |
|
Authorization Flaw in CVE-2026-34023 (CVE-2026-34023)
vulnerability in CVE-2026-34023 (CVE-2026-34023). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2470 |
|
Authorization Flaw in wordpress (CVE-2026-2470)
vulnerability in wordpress (CVE-2026-2470). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54398 |
|
Authorization Flaw in CVE-2026-54398 (CVE-2026-54398)
vulnerability in CVE-2026-54398 (CVE-2026-54398). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53834 |
|
Authorization Flaw in openclaw (CVE-2026-53834)
vulnerability in openclaw (CVE-2026-53834). Data can be tampered with by attackers.
|
| CVE-2026-53835 |
|
Authorization Flaw in openclaw (CVE-2026-53835)
vulnerability in openclaw (CVE-2026-53835). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53828 |
|
Authorization Flaw in openclaw (CVE-2026-53828)
vulnerability in openclaw (CVE-2026-53828). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53521 |
|
Authorization Flaw in github.com/nezhahq/nezha (CVE-2026-53521)
vulnerability in github.com/nezhahq/nezha (CVE-2026-53521). Risk of unauthorized operations or information disclosure. Exploitable via `PATCH /server/{id}`. Mitigation: upgrade to `2.1.0` or later.
|
| CVE-2026-54091 |
|
Authorization Flaw in github.com/filebrowser/filebrowser/v2 (CVE-2026-54091)
vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-54091). Confidential information can be exposed externally. Exploitable via `GET /api/public/share/`. Mitigation: upgrade to `2.63.6` or later.
|
| CVE-2026-54362 |
|
Authorization Flaw in CVE-2026-54362 (CVE-2026-54362)
vulnerability in CVE-2026-54362 (CVE-2026-54362). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54397 |
|
Authorization Flaw in CVE-2026-54397 (CVE-2026-54397)
vulnerability in CVE-2026-54397 (CVE-2026-54397). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54096 |
|
Authorization Flaw in github.com/filebrowser/filebrowser/v2 (CVE-2026-54096)
vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-54096). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/share/`. Mitigation: upgrade to `2.63.7` or later.
|
| CVE-2026-54358 |
|
Authorization Flaw in privilege-escalation (CVE-2026-54358)
vulnerability in privilege-escalation (CVE-2026-54358). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54357 |
|
Vulnerability in CVE-2026-54357 (CVE-2026-54357)
vulnerability in CVE-2026-54357 (CVE-2026-54357). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42604 |
|
Authorization Flaw in CVE-2026-42604 (CVE-2026-42604)
vulnerability in CVE-2026-42604 (CVE-2026-42604). Risk of unauthorized operations or information disclosure. Exploitable via `POST /openid/config`.
|
| CVE-2026-50008 |
|
Authorization Flaw in parse-server (CVE-2026-50008)
vulnerability in parse-server (CVE-2026-50008). Risk of unauthorized operations or information disclosure. Exploitable via ``routeAllowList``. Mitigation: upgrade to `9.9.1-alpha.3` or later.
|
| CVE-2026-47236 |
|
Authorization Flaw in CVE-2026-47236 (CVE-2026-47236)
vulnerability in CVE-2026-47236 (CVE-2026-47236). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7387 |
|
Authorization Flaw in mattermost (CVE-2026-7387)
vulnerability in mattermost (CVE-2026-7387). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6739 |
|
Authorization Flaw in mattermost (CVE-2026-6739)
vulnerability in mattermost (CVE-2026-6739). Confidential information can be exposed externally.
|
| CVE-2026-44173 |
|
Authorization Flaw in mariadb (CVE-2026-44173)
vulnerability in mariadb (CVE-2026-44173). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44169 |
|
Authorization Flaw in mariadb (CVE-2026-44169)
vulnerability in mariadb (CVE-2026-44169). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45831 |
|
Authorization Flaw in trychroma (CVE-2026-45831)
vulnerability in trychroma (CVE-2026-45831). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53721 |
|
Vulnerability in nuxt (CVE-2026-53721)
vulnerability in nuxt (CVE-2026-53721). Confidential information can be exposed externally. Exploitable via ``routeRules``. Mitigation: upgrade to `3.21.7` or later.
|
| CVE-2026-47195 |
|
Authorization Flaw in CVE-2026-47195 (CVE-2026-47195)
vulnerability in CVE-2026-47195 (CVE-2026-47195). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47238 |
|
Vulnerability in CVE-2026-47238 (CVE-2026-47238)
vulnerability in CVE-2026-47238 (CVE-2026-47238). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53808 |
|
Authorization Flaw in openclaw (CVE-2026-53808)
vulnerability in openclaw (CVE-2026-53808). Data can be tampered with by attackers.
|
| CVE-2026-53807 |
|
Authorization Flaw in openclaw (CVE-2026-53807)
vulnerability in openclaw (CVE-2026-53807). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53809 |
|
Authorization Flaw in openclaw (CVE-2026-53809)
vulnerability in openclaw (CVE-2026-53809). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-48089 |
|
Vulnerability in github.com/l3montree-dev/devguard (CVE-2026-48089)
vulnerability in github.com/l3montree-dev/devguard (CVE-2026-48089). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.2` or later.
|
| CVE-2026-6269 |
|
Authorization Flaw in gitlab (CVE-2026-6269)
vulnerability in gitlab (CVE-2026-6269). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-6277 |
|
Authorization Flaw in gitlab (CVE-2026-6277)
vulnerability in gitlab (CVE-2026-6277). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-3553 |
|
Authorization Flaw in gitlab (CVE-2026-3553)
vulnerability in gitlab (CVE-2026-3553). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-49219 |
|
Path Traversal in Magick.NET-Q16-AnyCPU (CVE-2026-49219)
path traversal in Magick.NET-Q16-AnyCPU (CVE-2026-49219). Confidential information can be exposed externally. Mitigation: upgrade to `14.14.0` or later.
|
| CVE-2026-53738 |
|
Authorization Flaw in CVE-2026-53738 (CVE-2026-53738)
vulnerability in CVE-2026-53738 (CVE-2026-53738). Data can be tampered with by attackers.
|
| CVE-2026-49823 |
|
Vulnerability in github.com/fission/fission (CVE-2026-49823)
vulnerability in github.com/fission/fission (CVE-2026-49823). Confidential information can be exposed externally. Exploitable via ``PackageRef.Namespace``. Mitigation: upgrade to `1.24.0` or later.
|
| CVE-2026-49824 |
|
Vulnerability in github.com/fission/fission (CVE-2026-49824)
vulnerability in github.com/fission/fission (CVE-2026-49824). Confidential information can be exposed externally. Exploitable via ``spec.environment.namespace``. Mitigation: upgrade to `1.24.0` or later.
|
| CVE-2026-48860 |
|
Authorization Flaw in erlang (CVE-2026-48860)
vulnerability in erlang (CVE-2026-48860). Confidential information can be exposed externally.
|
| CVE-2026-45563 |
|
Vulnerability in nginx (CVE-2026-45563)
vulnerability in nginx (CVE-2026-45563). Risk of unauthorized operations or information disclosure. Exploitable via `GET /history/`.
|
| CVE-2026-45552 |
|
Vulnerability in nginx (CVE-2026-45552)
vulnerability in nginx (CVE-2026-45552). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45550 |
|
Vulnerability in nginx (CVE-2026-45550)
vulnerability in nginx (CVE-2026-45550). Data can be tampered with by attackers. Exploitable via `PUT /smon/check`.
|
| CVE-2026-45549 |
|
Vulnerability in nginx (CVE-2026-45549)
vulnerability in nginx (CVE-2026-45549). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49397 |
|
Information Disclosure in github.com/nezhahq/nezha (CVE-2026-49397)
vulnerability in github.com/nezhahq/nezha (CVE-2026-49397). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/service`. Mitigation: upgrade to `2.0.14` or later.
|
| CVE-2026-24724 |
|
Authorization Flaw in qnap (CVE-2026-24724)
vulnerability in qnap (CVE-2026-24724). Confidential information can be exposed externally.
|