Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.6 HIGH
CVE-2026-62187 — OpenClaw < 2026.6.9 Feishu tools Authorization Bypass

OpenClaw Feishu tools (npm package @openclaw/feishu) in versions <= 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should ha…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.6 HIGH
CVE-2026-62186 — OpenClaw < 2026.6.8 Authorization Bypass via HTTP Model Override

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authori…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
8.6 HIGH
CVE-2026-62185 — Argo CD Helm Chart < 10.0.0 Missing Network Policy RCE

Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network…

| Misconfiguration
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
8.7 HIGH
CVE-2026-62184 — luci-app-banip Log Monitor IP Extraction Bypass

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs …

luci | Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
8.7 HIGH
CVE-2026-61458 — PasswordPusher < 2.9.2 Passphrase Brute-Force via Unthrottled Endpoint

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a pu…

Remote | Authentication
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
9.8 CRITICAL
CVE-2026-59801 — 9Router 0.4.41 - Unauthenticated API Exposure via /api/providers

9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credent…

Remote | Authentication
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
8.2 HIGH
CVE-2026-58500 — MCP Appium: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI)

MCP Appium is an MCP server that provides AI assistants with tools to automate mobile app testing on Android and iOS. In versions prior to 1.85.10, the createLocatorGeneratorUI function interpolates …

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.9 MEDIUM
CVE-2026-58488 — HedgeDoc: Rate-limit bypass via CF-Connecting-IP header spoofing

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Versions prior to 1.11.0 allowed attackers to circumvent the rate-limiting of the /login and /register routes by spoo…

Remote | Authentication
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.1 MEDIUM
CVE-2026-58487 — HedgeDoc: Stored HTML injection via email local-part

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe handling of the local-part of registered email addresses, HedgeDoc was vulnera…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.0 HIGH
CVE-2026-58411 — ChurchCRM has Reflected Cross-Site Scripting (XSS) via unsanitized request parameter name…

ChurchCRM is an open-source church management system. Prior to version 7.4.0, Cross-Site Scripting (XSS) vulnerabilities were identified due to insufficient output encoding of user-controlled request…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.3 MEDIUM
CVE-2026-56877 — Skillable SCORM Lab Launch Improper Authorization

The SCORM lab launch endpoint in Skillable (scorm.skillable.com) through 2026-07-13 does not validate the client-supplied userId parameter against the authenticated SCORM session token. An authentica…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
0.0 NA
CVE-2026-52533 — D-Link DIR-1253 Privilege Escalation Vulnerability

An issue in D-Link DIR-1253 v.1.0.1.250923.142435 allows an attacker to escalate privileges via the etc/shadow component file

| Authentication
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
0.0 NA
CVE-2026-51821 — Shenzhou Shihan Video Conference System SQL Injection Vulnerability

SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint

| Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
0.0 NA
CVE-2026-51541 — OpENer Out-of-Bounds Read

OpENer 2.3.0 (commit 76b95cf) has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData f…

| Memory Corruption
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
0.0 NA
CVE-2026-51540 — OpENer Integer Underflow Memory Corruption

OpENer 2.3.0 (master branch up to commit 76b95cf) is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages (SendUnitData).

| Memory Corruption
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
0.0 NA
CVE-2026-51539 — Libmodbus Denial of Service Vulnerability

A Denial of Service (DoS) vulnerability exists in the receive loop of libmodbus 3.1.12 when running on Windows. The issue stems from improper timeout management during network read operations.

| Denial of Service
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
0.0 NA
CVE-2026-51538 — EIPStackGroup OpENer Improper Session Authentication vulnerability

EIPStackGroup OpENer 2.3.0 (commit 76b95cf) suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands…

| Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
0.0 NA
CVE-2026-51537 — EIPStackGroup OpENer Out-of-Bounds Read

EIPStackGroup OpENer 2.3.0 (commit 76b95cf) has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a vali…

| Memory Corruption
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
0.0 NA
CVE-2026-51536 — OpENer Stack Buffer Overflow

In OpENer 2.3.0 (commit 76b95cf) when parsing incoming CIP (Common Industrial Protocol) network packets, the length parameter is inconsistently typed across the call stack. Specifically, an upstream …

| Memory Corruption
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
0.0 NA
CVE-2026-39042 — MikroTik RouterOS Denial of Service Vulnerability

An issue in MikroTIk (SIA Mikrotikls, Latvia) RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten() function in libumsg.…

| Denial of Service
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
Showing 20 of 7389 Results