Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.8 MEDIUM
CVE-2026-35623 — OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Webhook Password Rate Limiting

OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can…

Remote | Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
5.9 MEDIUM
CVE-2026-35622 — OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook

OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. A…

Remote | Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.5 MEDIUM
CVE-2026-35618 — OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verifica…

OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification…

Remote | Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
4.2 MEDIUM
CVE-2026-35617 — OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space…

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by cha…

Remote | Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
8.1 HIGH
CVE-2026-34512 — OpenClaw < 2026.3.25 - Improper Access Control in /sessions/:sessionKey/kill Endpoint

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termin…

Remote | Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.4 HIGH
CVE-2026-33797 — Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a…

An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already establis…

| Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.8 HIGH
CVE-2026-33793 — Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present…

An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, th…

| Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.7 MEDIUM
CVE-2026-33791 — Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary she…

An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inje…

| Injection
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.5 HIGH
CVE-2026-33790 — Junos OS: SRX Series: In a NAT64 configuration, receipt of a specific, malformed ICMPv6 p…

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 pac…

Remote | Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.8 HIGH
CVE-2026-33788 — Junos OS Evolved: Local, authenticated attacker can gain privileged access to FPCs

A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with lo…

| Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
5.5 MEDIUM
CVE-2026-33787 — Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specific show command is executed ch…

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local att…

| Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
5.5 MEDIUM
CVE-2026-33786 — Junos OS: SRX1600, SRX2300, SRX4300: When a specific show command is executed chassisd cr…

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker wit…

| Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
8.8 HIGH
CVE-2026-33785 — Junos OS: MX Series: Missing Authorization for specific 'request' CLI commands in a JDM/C…

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a com…

| Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
9.8 CRITICAL
CVE-2026-33784 — JSI Virtual Lightweight Collector: Default password is not required to be changed which a…

A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control …

Remote | Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.5 MEDIUM
CVE-2026-33783 — Junos OS Evolved: PTX Series: If SRTE tunnels provisioned via PCEP are present and specif…

A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privilege…

Remote | Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.5 MEDIUM
CVE-2026-33782 — Junos OS: MX Series: In specific DHCPv6 scenarios jdhcpd memory increases continuously wi…

A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memor…

| Memory Corruption
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.5 MEDIUM
CVE-2026-33781 — Junos OS: EX Series, QFX Series: In a VXLAN scenario when specific control protocol packe…

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated…

| Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.5 MEDIUM
CVE-2026-33780 — Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memo…

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated…

| Memory Corruption
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.5 MEDIUM
CVE-2026-33779 — Junos OS: SRX Series: Insufficient certificate verification for device to SD cloud commun…

An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to …

Remote | Misconfiguration
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.5 HIGH
CVE-2026-33778 — Junos OS: SRX Series, MX Series: When a specifically malformed first ISAKMP packet is rec…

An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, n…

Remote | Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
Showing 20 of 6480 Results