Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2026-35631 — OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands

OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating co…

Remote | Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.4 HIGH
CVE-2026-35629 — OpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in …

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can expl…

Remote | Server-Side Request Forgery
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.3 MEDIUM
CVE-2026-35628 — OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Telegram Webhook Rate Limiting

OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeat…

Remote | Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.9 MEDIUM
CVE-2026-35627 — OpenClaw < 2026.3.22 - Unauthenticated Cryptographic Work in Nostr Inbound DM Handling

OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre…

Remote | Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.9 MEDIUM
CVE-2026-35626 — OpenClaw < 2026.3.22 - Unauthenticated Resource Exhaustion via Voice Call Webhook

OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send…

Remote | Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
8.5 HIGH
CVE-2026-35625 — OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator…

| Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
4.2 MEDIUM
CVE-2026-35624 — OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk

OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms …

Remote | Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.3 MEDIUM
CVE-2026-35623 — OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Webhook Password Rate Limiting

OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can…

Remote | Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.0 MEDIUM
CVE-2026-35622 — OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook

OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. A…

Remote | Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
8.3 HIGH
CVE-2026-35618 — OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verifica…

OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification…

Remote | Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
4.2 MEDIUM
CVE-2026-35617 — OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space…

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by cha…

Remote | Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
8.1 HIGH
CVE-2026-34512 — OpenClaw < 2026.3.25 - Improper Access Control in /sessions/:sessionKey/kill Endpoint

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termin…

Remote | Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.4 HIGH
CVE-2026-33797 — Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a…

An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already establis…

| Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
8.5 HIGH
CVE-2026-33793 — Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present…

An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, th…

| Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
8.4 HIGH
CVE-2026-33791 — Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary she…

An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inje…

| Injection
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
8.7 HIGH
CVE-2026-33790 — Junos OS: SRX Series: In a NAT64 configuration, receipt of a specific, malformed ICMPv6 p…

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 pac…

Remote | Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
8.5 HIGH
CVE-2026-33788 — Junos OS Evolved: Local, authenticated attacker can gain privileged access to FPCs

A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with lo…

| Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.8 MEDIUM
CVE-2026-33787 — Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specific show command is executed ch…

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local att…

| Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.8 MEDIUM
CVE-2026-33786 — Junos OS: SRX1600, SRX2300, SRX4300: When a specific show command is executed chassisd cr…

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker wit…

| Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
8.8 HIGH
CVE-2026-33785 — Junos OS: MX Series: Missing Authorization for specific 'request' CLI commands in a JDM/C…

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a com…

| Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
Showing 20 of 6486 Results