Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.0 HIGH
CVE-2026-16097 — Shibby Tomato Scheduler Name sub_42537C stack-based overflow

A vulnerability was found in Shibby Tomato 1.28. This vulnerability affects the function sub_42537C of the component Scheduler Name Handler. The manipulation of the argument a1 results in stack-based…

tomato | Remote | Memory Corruption
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
9.0 HIGH
CVE-2026-16096 — Shibby Tomato webmon_recent_domains sub_40BB50 stack-based overflow

A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. This affects the function sub_40BB50 of the file /proc/webmon_recent_domains. The manipulation leads to stack-based buffe…

tomato | Remote | Memory Corruption
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
9.0 HIGH
CVE-2026-16095 — Shibby Tomato rc setup_conntrack out-of-bounds write

A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is the function setup_conntrack of the file /sbin/rc. Executing a manipulation of the argument ct_tcp_timeo…

tomato | Remote | Memory Corruption
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
5.8 MEDIUM
CVE-2026-16088 — halo-dev halo Files Backup Endpoint MigrationEndpoint.java download path traversal

A vulnerability was detected in halo-dev halo up to 2.24.2. Affected by this vulnerability is the function Download of the file MigrationEndpoint.java of the component Files Backup Endpoint. Performi…

Remote | Path Traversal
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
5.3 MEDIUM
CVE-2026-16085 — Sipeed PicoClaw context.go NewContextBuilder inclusion of functionality from untrusted co…

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. Affected is the function NewContextBuilder of the file pkg/agent/context.go. Such manipulation leads to inclusion of functio…

picoclaw | Misconfiguration
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
8.8 HIGH
CVE-2026-47871 — VMware Avi Load Balancer Directory Traversal Vulnerability

VMware Avi Load Balancer contains a directory traversal vulnerability. Flaws in file path validation allow malicious, authenticated network users to perform directory traversal attacks. Affected ver…

Remote | Path Traversal
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
7.1 HIGH
CVE-2026-47870 — VMware Avi Load Balancer Privilege Escalation Vulnerability

VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious authenticated user with network access may be able to execute remote code. Affected versions: 32.1.1 (fixed in 32.…

Remote | Authorization
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
8.7 HIGH
CVE-2026-47869 — VMware Avi Load Balancer Remote Code Execution Vulnerability

VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious authenticated user with network access may be able to inject and execute code. Affected versions: 32.1.1 (fixed i…

Remote | Injection
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
7.8 HIGH
CVE-2026-47868 — VMware Avi Load Balancer Local Privilege Escalation Vulnerability

VMware Avi Load Balancer contains a local privilege escalation vulnerability. A malicious user with local access may be able to escalate their privileges to run code as root. Affected versions: 32.1…

| Authentication
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
8.7 HIGH
CVE-2026-47867 — VMware Avi Load Balancer Remote Code Execution Vulnerability

VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious user with network access may be able to access the Avi Control plane and execute code remotely. Affected versions…

Remote | Authentication
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
8.3 HIGH
CVE-2026-47866 — VMware Avi Load Balancer Authorization Bypass Vulnerability

VMware Avi Load Balancer contains an authorization bypass vulnerability. A malicious actor on the network can access a limited subset of the Avi Control Plane without proper authorization. Affected …

Remote | Authorization
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
9.8 CRITICAL
CVE-2026-47865 — VMware Avi Load Balancer Authentication Bypass Vulnerability

VMware Avi Load Balancer contains an authentication bypass vulnerability. A malicious user with network access may be able to access the Avi Control plane by bypassing the authentication mechanism. …

Remote | Authentication
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
7.5 HIGH
CVE-2026-16084 — Sipeed PicoClaw web.go web_fetch server-side request forgery

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function web_fetch of the file pkg/tools/integration/web.go. This manipulation causes server-side request forgery. Remo…

picoclaw | Remote | Server-Side Request Forgery
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
5.5 MEDIUM
CVE-2026-16083 — Sipeed PicoClaw LINE Webhook line.go webhook.ParseRequest authentication replay

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulatio…

picoclaw | Remote | Authentication
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
5.3 MEDIUM
CVE-2026-16082 — Sipeed PicoClaw pipeline_execute.go ExecTool.executeRun toctou

A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipeline_execute.go. The manipulation of the argument cwe…

picoclaw | Race Condition
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
5.0 MEDIUM
CVE-2026-16081 — Sipeed PicoClaw auth.go cross-site request forgery

A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request…

picoclaw | Remote | Cross-Site Request Forgery
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
5.3 MEDIUM
CVE-2026-16077 — AstrBotDevs AstrBot Filesystem Computer-Use Tool fs.py _normalize_rw_path link following

A vulnerability was found in AstrBotDevs AstrBot up to 4.25.5. Impacted is the function _normalize_rw_path of the file astrbot/core/tools/computer_tools/fs.py of the component Filesystem Computer-Use…

| Path Traversal
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
6.5 MEDIUM
CVE-2026-16076 — AstrBotDevs AstrBot API open_api.py OpenApiRoute.chat_send authentication spoofing

A vulnerability has been found in AstrBotDevs AstrBot up to 4.25.5. This issue affects the function OpenApiRoute.chat_send of the file astrbot/dashboard/routes/open_api.py of the component API. Such …

Remote | Authentication
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
4.3 MEDIUM
CVE-2026-9734 — W3SC Elementor to Zoho CRM <= 2.2.0 - Cross-Site Request Forgery to Settings Update

The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on th…

Remote | Cross-Site Request Forgery
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
4.3 MEDIUM
CVE-2026-16075 — AstrBotDevs AstrBot session-listing Endpoint open_api.py OpenApiRoute.get_chat_sessions a…

A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.get_chat_sessions of the file astrbot/dashboard/routes/open_api.py of the component ses…

Remote | Authorization
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
Showing 20 of 7784 Results