CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-0157
4.3 MEDIUM

In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution …

Jun 16, 2026
CVE-2026-0156

In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service …

Jun 16, 2026
CVE-2026-0155
4.3 MEDIUM

In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution …

Jun 16, 2026
CVE-2026-0154
8.8 HIGH

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to …

Jun 16, 2026
CVE-2026-0153
7.8 HIGH

In Write of msg_to_host_buffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Jun 16, 2026
CVE-2026-0152
7.8 HIGH

In OSMMapPMRGeneric of pmr_os.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds …

Jun 16, 2026
CVE-2026-0151
8.8 HIGH

In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with …

Jun 16, 2026
CVE-2026-0150
7.8 HIGH

In ExecuteGraph command handler of EdgeTPU firmware, there is a possible out of bounds write due to an integer overflow. This could lead to local …

Jun 16, 2026
CVE-2026-0149
8.8 HIGH

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution …

Jun 16, 2026
CVE-2026-0148
8.8 HIGH

In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution …

Jun 16, 2026
CVE-2026-0147
8.8 HIGH

In __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution …

Jun 16, 2026
CVE-2026-0146
8.8 HIGH

In mfc_core_get_dec_metadata_sei_nal of mfc_core_reg_api.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution …

Jun 16, 2026
CVE-2026-0145
3.3 LOW

In keymint, there is a possible Permission Bypass due to a logic error in the code. This could lead to local information disclosure with no …

Jun 16, 2026
CVE-2026-0144
6.5 MEDIUM

In writeAocCommand of AocAudioCodec.cpp, there is a possible memory safety issue due to a missing bounds check. This could lead to remote denial of service …

Jun 16, 2026
CVE-2026-0143
7.8 HIGH

In lwis_device_external_event_emit of lwis_event.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with …

Jun 16, 2026
CVE-2026-0142
3.3 LOW

In iavb_parse_key_data of avb_rsa.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with …

Jun 16, 2026
CVE-2026-0141
4.3 MEDIUM

In decodeAppPacket of RtcpAppPacket.cpp, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no …

Jun 16, 2026
CVE-2026-0140
4.3 MEDIUM

In RtpPacket::decodePacket, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges …

Jun 16, 2026
CVE-2026-0139
8.8 HIGH

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no …

Jun 16, 2026
CVE-2026-0138
7.8 HIGH

In lwis_io_buffer_write of lwis_io_buffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with …

Jun 16, 2026
CVE-2026-0137
7.8 HIGH

In edgetpu_sync_fence_group_shutdown() of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege …

Jun 16, 2026
CVE-2026-0136
6.5 MEDIUM

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with …

Jun 16, 2026
CVE-2026-0135
7.8 HIGH

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no …

Jun 16, 2026
CVE-2026-0134
3.3 LOW

In PostWipeData of recovery_ui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could …

Jun 16, 2026
CVE-2026-0133
7.8 HIGH

In smmu_attach_dev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead …

Jun 16, 2026
CVE-2026-0132
8.8 HIGH

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no …

Jun 16, 2026
CVE-2026-0131
7.3 HIGH

In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no …

Jun 16, 2026
CVE-2026-0130
3.5 LOW

In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no …

Jun 16, 2026
CVE-2026-0129
3.5 LOW

In RtcpByePacket::decodeByePacket, there is a possible due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. …

Jun 16, 2026
CVE-2026-0128

In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional …

Jun 16, 2026
CVE-2026-0127
6.5 MEDIUM

In NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication …

Jun 16, 2026
CVE-2026-0126

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no …

Jun 16, 2026
CVE-2026-0125
7.0 HIGH

In multiple functions of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege …

Jun 16, 2026
CVE-2026-53866
8.1 HIGH

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell …

Jun 16, 2026
CVE-2026-53865
7.1 HIGH

OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute …

Jun 16, 2026
CVE-2026-53864
8.1 HIGH

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to …

Jun 16, 2026
CVE-2026-53863
7.1 HIGH

OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID …

Jun 16, 2026
CVE-2026-53862
4.2 MEDIUM

OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay …

Jun 16, 2026
CVE-2026-53861
6.6 MEDIUM

OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content …

Jun 16, 2026
CVE-2026-53860
4.2 MEDIUM

OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through conversation metadata rather than stable sender …

Jun 16, 2026
CVE-2026-53859
6.5 MEDIUM

OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit …

Jun 16, 2026
CVE-2026-53858
7.1 HIGH

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATE_DIRECTORY variable …

Jun 16, 2026
CVE-2026-53857
8.1 HIGH

OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match allowFrom policy entries through display name changes. Attackers …

Jun 16, 2026
CVE-2026-53856
5.5 MEDIUM

OpenClaw 2026.4.23 before 2026.4.24 contains an insecure file permissions vulnerability in config recovery that restores OpenClaw.json with overly broad permissions. Local attackers on shared hosts …

Jun 16, 2026
CVE-2026-53855
8.1 HIGH

OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters. Attackers can combine allowlisted tools …

Jun 16, 2026
CVE-2026-53854
6.5 MEDIUM

OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. …

Jun 16, 2026
CVE-2026-53853
8.3 HIGH

OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux …

Jun 16, 2026
CVE-2026-53852
5.4 MEDIUM

OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope …

Jun 16, 2026
CVE-2026-53851
5.3 MEDIUM

OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended …

Jun 16, 2026
CVE-2026-53850
5.5 MEDIUM

OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization …

Jun 16, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.