Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
9.8 CRITICAL
CVE-2026-32973 — OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX…

openclaw | Remote | Path Traversal
Mar 29, 2026
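The mechanism named in the CVE-2026-32973 summary (a pattern matcher that lowercases and glob-matches, and therefore over-matches on a case-sensitive POSIX filesystem) is a general allowlist-matching mistake, so here is an added illustration of the class. This is example code written for this page, not OpenClaw's `matchesExecAllowlistPattern` or its fix; the allowlist entries, the function names `matches_weak` / `matches_hardened` and the sample paths are constructed for the demonstration.

```python
import posixpath
import re
from fnmatch import fnmatch

# Constructed allowlist for the example; not OpenClaw's configuration.
ALLOWLIST = ["/usr/bin/git", "/opt/tools/*"]


def matches_weak(pattern: str, path: str) -> bool:
    """Lowercase both sides, then glob-match.

    Over-matches on POSIX for two reasons: the filesystem is case-sensitive,
    so /usr/bin/GIT is a different file from /usr/bin/git, and fnmatch's '*'
    also crosses '/', so '..' segments inside a wildcard entry slip through.
    """
    return fnmatch(path.lower(), pattern.lower())


def _glob_to_regex(pattern: str) -> re.Pattern:
    """Translate a glob so '*' and '?' stay inside one path segment."""
    out = ""
    for ch in pattern:
        if ch == "*":
            out += "[^/]*"
        elif ch == "?":
            out += "[^/]"
        else:
            out += re.escape(ch)
    return re.compile("^" + out + "$")


def matches_hardened(pattern: str, path: str) -> bool:
    """Case-sensitive, segment-bounded glob over a normalized absolute path."""
    if not path.startswith("/"):
        return False  # relative paths are resolved by the caller's cwd; refuse
    norm = posixpath.normpath(path)  # collapses '.' and '..' lexically
    # A production check would also run os.path.realpath() so a symlink
    # inside an allowed directory cannot point elsewhere; omitted here so
    # the example runs offline against paths that need not exist.
    return _glob_to_regex(pattern).match(norm) is not None


def allowed(path: str, matcher, allowlist=ALLOWLIST) -> bool:
    """True if any allowlist entry admits `path` under the given matcher."""
    return any(matcher(p, path) for p in allowlist)


if __name__ == "__main__":
    # Constructed sample paths: a case-variant binary and a '..' escape.
    for probe in ["/usr/bin/GIT", "/opt/tools/../../bin/sh", "/opt/tools/helper"]:
        print(probe, "weak:", allowed(probe, matches_weak),
              "hardened:", allowed(probe, matches_hardened))
```

The two differences that matter are that the hardened matcher never folds case (POSIX path lookups do not either) and that its wildcard cannot span a `/`, so the path is normalized first and then compared segment by segment; anything the allowlist did not literally name is rejected.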
7.1 HIGH
CVE-2026-32972 — OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.req…

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes th…

openclaw | Remote | Authorization
Mar 29, 2026
9.8 CRITICAL
CVE-2026-32924 — OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu

OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers c…

openclaw | Remote | Authorization
Mar 29, 2026
5.4 MEDIUM
CVE-2026-32923 — OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforceme…

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild membe…

openclaw | Remote | Authorization
Mar 29, 2026
9.9 CRITICAL
CVE-2026-32922 — OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constra…

openclaw | Remote | Authorization
Mar 29, 2026
6.9 MEDIUM
CVE-2026-32919 — OpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash Commands

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent req…

openclaw | Authorization
Mar 29, 2026
9.2 CRITICAL
CVE-2026-32918 — OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply ar…

openclaw | Authorization
Mar 29, 2026
9.3 CRITICAL
CVE-2026-32915 — OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their …

openclaw | Authorization
Mar 29, 2026
8.8 HIGH
CVE-2026-32914 — OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints

OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Att…

openclaw | Remote | Authorization
Mar 29, 2026
0.0 NA
CVE-2026-23400 — rust_binder: call set_notification_done() without proc lock

In the Linux kernel, the following vulnerability has been resolved: rust_binder: call set_notification_done() without proc lock Consider the following sequence of events on a death listener: 1. The…

linux_kernel | Race Condition
Mar 29, 2026
9.0 HIGH
CVE-2026-5043 — Belkin F9K1122 Parameter formSetPassword stack-based overflow

A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulatio…

f9k1122_firmware | Remote | Memory Corruption
Mar 29, 2026
9.0 HIGH
CVE-2026-5042 — Belkin F9K1122 Parameter formCrossBandSwitch stack-based overflow

A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The…

f9k1122_firmware | Remote | Memory Corruption
Mar 29, 2026
5.8 MEDIUM
CVE-2026-5041 — code-projects Chamber of Commerce Membership Management System pageMail.php fwrite comman…

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument …

Mar 29, 2026
4.8 MEDIUM
CVE-2026-5037 — mxml mxmlIndexNew mxml-index.c index_sort stack-based overflow

A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr c…

Memory Corruption
Mar 29, 2026
9.0 HIGH
CVE-2026-5036 — Tenda 4G06 Endpoint DhcpListClient fromDhcpListClient stack-based overflow

A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation…

Remote | Memory Corruption
Mar 29, 2026
7.5 HIGH
CVE-2026-5035 — code-projects Accounting System Parameter view_work.php sql injection

A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en…

Remote | Injection
Mar 29, 2026
7.5 HIGH
CVE-2026-5034 — code-projects Accounting System Parameter edit_costumer.php sql injection

A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component Parameter Handler. This manipulation…

Remote | Injection
Mar 29, 2026
7.5 HIGH
CVE-2026-5033 — code-projects Accounting System Parameter view_costumer.php sql injection

A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. The …

Remote | Injection
Mar 29, 2026
5.3 MEDIUM
CVE-2026-5031 — BichitroGan ISP Billing Software Endpoint users-view resource injection

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation of the a…

Remote | Path Traversal
Mar 29, 2026
6.5 MEDIUM
CVE-2026-5030 — Totolink NR1800X Telnet Service cstecgi.cgi NTPSyncWithHost command injection

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipul…

nr1800x_firmware | Remote | Injection
Mar 29, 2026
Showing 20 of 5852 Results