CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-53831
8.3 HIGH

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated …

Jun 12, 2026
CVE-2026-53830
6.5 MEDIUM

OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers …

Jun 12, 2026
CVE-2026-53829
8.0 HIGH

OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with …

Jun 12, 2026
CVE-2026-53828
8.8 HIGH

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers …

Jun 12, 2026
CVE-2026-53827
6.5 MEDIUM

OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback …

Jun 12, 2026
CVE-2026-53826
4.3 MEDIUM

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this …

Jun 12, 2026
CVE-2026-53825
6.5 MEDIUM

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local …

Jun 12, 2026
CVE-2026-53824
6.5 MEDIUM

OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit …

Jun 12, 2026
CVE-2026-53823
8.1 HIGH

OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can …

Jun 12, 2026
CVE-2026-53822
8.8 HIGH

OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist …

Jun 12, 2026
CVE-2026-53821
8.8 HIGH

OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can …

Jun 12, 2026
CVE-2026-53820
6.6 MEDIUM

OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. …

Jun 12, 2026
CVE-2026-53609
9.1 CRITICAL

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, `apos.util.set()` traverses dot-notation paths without sanitizing `__proto__`, allowing an authenticated …

Jun 12, 2026
CVE-2026-53608
8.7 HIGH

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the `@apostrophecms/seo` package injects the Google Analytics Tracking ID (`seoGoogleTrackingId`) …

Jun 12, 2026
CVE-2026-53523
6.8 MEDIUM

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 …

Jun 12, 2026
CVE-2026-53522
6.5 MEDIUM

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two …

Jun 12, 2026
CVE-2026-53521
6.4 MEDIUM

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/{id} accepts and persists …

Jun 12, 2026
CVE-2026-53520
6.5 MEDIUM

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the …

Jun 12, 2026
CVE-2026-53519
9.1 CRITICAL

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any …

Jun 12, 2026
CVE-2026-49397
5.3 MEDIUM

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services (`EnableShowInService: false`) are …

Jun 12, 2026
CVE-2026-49396
7.1 HIGH

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger …

Jun 12, 2026
CVE-2026-48119
7.1 HIGH

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor …

Jun 12, 2026
CVE-2026-47268
6.4 MEDIUM

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user …

Jun 12, 2026
CVE-2026-47124
6.5 MEDIUM

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can …

Jun 12, 2026
CVE-2026-47120
7.1 HIGH

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other …

Jun 12, 2026
CVE-2026-46717
7.7 HIGH

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user …

Jun 12, 2026
CVE-2026-46716
9.9 CRITICAL

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create …

Jun 12, 2026
CVE-2026-41158
7.8 HIGH

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, …

Jun 12, 2026
CVE-2026-41157
9.8 CRITICAL

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space …

Jun 12, 2026
CVE-2026-41155
5.5 MEDIUM

An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. …

Jun 12, 2026
CVE-2026-34195
8.8 HIGH

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. …

Jun 12, 2026
CVE-2026-12131
6.3 MEDIUM

A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component …

Jun 12, 2026
CVE-2025-7019
5.5 MEDIUM

Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivirus process. This issue affects Avast …

Jun 12, 2026
CVE-2025-7018
5.5 MEDIUM

Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue …

Jun 12, 2026
CVE-2025-7017
7.8 HIGH

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of …

Jun 12, 2026
CVE-2025-7011
7.8 HIGH

Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the …

Jun 12, 2026
CVE-2025-7010
5.5 MEDIUM

Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue …

Jun 12, 2026
CVE-2025-7009
7.8 HIGH

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the …

Jun 12, 2026
CVE-2025-7008
7.8 HIGH

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or …

Jun 12, 2026
CVE-2025-7006
5.5 MEDIUM

Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This …

Jun 12, 2026
CVE-2025-7005
5.5 MEDIUM

Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, …

Jun 12, 2026
CVE-2025-7004
7.8 HIGH

Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the …

Jun 12, 2026
CVE-2025-7003
7.8 HIGH

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the …

Jun 12, 2026
CVE-2025-7002
7.8 HIGH

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the …

Jun 12, 2026
CVE-2020-2521

Rejected reason: This candidate was issued in error.

Jun 12, 2026
CVE-2026-54397

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an …

Jun 12, 2026
CVE-2026-54396

An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was …

Jun 12, 2026
CVE-2026-54395

MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML …

Jun 12, 2026
CVE-2026-54394

MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid …

Jun 12, 2026
CVE-2026-54393

A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-controlled path value through setSettingInternal(), …

Jun 12, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.