Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-15628 — zhayujie chatgpt-on-wechat CowAgent Vision Tool vision.py Vision._download_to_data_url se…

A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function Vision._download_to_data_url of the file agent/tools/vision/vision.py of the co…

chatgpt-on-wechat_cowagent | Server-Side Request Forgery
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
0.0 NA
CVE-2026-15627 — nextlevelbuilder GoClaw tool.go handleNavigate information disclosure

A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argumen…

goclaw | Information Disclosure
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.4 MEDIUM
CVE-2026-7640 — WP Customer Area <= 8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via …

The WP Customer Area plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the `customer-area-protected-content` shortcode in all versions up to, and including…

Remote | Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.5 MEDIUM
CVE-2026-15625 — nextlevelbuilder GoClaw exec_approval.go ExecApprovalManager.CheckCommand incomplete blac…

A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/exec_approval.go. The manipulation resu…

goclaw | Remote | Injection
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.5 MEDIUM
CVE-2026-15624 — nextlevelbuilder GoClaw invoke Endpoint create_video_byteplus.go bytePlusDownloadVideo se…

A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/create_video_byteplus.go of th…

goclaw | Remote | Server-Side Request Forgery
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.5 MEDIUM
CVE-2026-15622 — poco-ai poco-claw Workspace API workspace.py get_workspace_file authorization

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function get_workspace_file of the file executor_manager/app/api/v1/workspace.py of the component Workspace API. Executing a ma…

Remote | Authorization
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.3 MEDIUM
CVE-2026-11802 — FoodBook Lite <= 1.5.6 - Missing Authorization to Unauthenticated User Registration via '…

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration() function, accessible via th…

Remote | Authorization
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.4 MEDIUM
CVE-2026-11390 — News Kit Addons For Elementor <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site S…

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due t…

Remote | Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
0.0 NA
CVE-2026-15626 — nextlevelbuilder GoClaw ACP ToolBridge Workspace tool_bridge.go writeFile path traversal

A vulnerability was determined in nextlevelbuilder GoClaw 3.13.3-beta.3. This affects the function writeFile of the file internal/providers/acp/tool_bridge.go of the component ACP ToolBridge Workspac…

goclaw | Path Traversal
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.6 HIGH
CVE-2026-58233 — Remote Code Execution vulnerability in SAP Change and Transport System Attach Tool (ctsat…

SAP Change and Transport System Attach Tool (ctsattach) allows an authenticated attacker to supply a specially crafted archive file which, when processed by the application�s library, can trigger ins…

Remote | Injection
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
4.3 MEDIUM
CVE-2026-44771 — Missing Authorization check in SAP S/4HANA (Draft operation)

SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileg…

Remote | Authorization
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
4.3 MEDIUM
CVE-2026-44770 — Missing Authorization check in SAP S/4 HANA (Create Single Payment)

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. Th…

Remote | Authorization
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.5 MEDIUM
CVE-2026-44769 — SQL Injection vulnerability in SAP S/4HANA Project Management (PPM-PRO)

SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confiden…

Remote | Injection
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
4.1 MEDIUM
CVE-2026-44768 — Security misconfiguration in SAP CRM (WebClient UI)

SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy (CSP) configuration for certain restr…

Remote | Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.1 MEDIUM
CVE-2026-44767 — Allowlist Bypass in setThemeRoot() Enables Cross-Origin CSS Injection

setThemeRoot() failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a <link rel=stylesheet> eleme…

Remote | Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.1 CRITICAL
CVE-2026-44761 — Insecure Sample Credentials in SAP Commerce Cloud

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, …

commerce_cloud | Remote | Authentication
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
4.7 MEDIUM
CVE-2026-44760 — Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applic…

Due to a Cross-Site Scripting (XSS) vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response whi…

netweaver_application_server_abap | Remote | Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.1 MEDIUM
CVE-2026-44759 — Cross Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser …

netweaver_enterprise_portal | Remote | Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
3.7 LOW
CVE-2026-44753 — Information Disclosure vulnerability in SAP HANA Extended Application Services classic mo…

SAP HANA Database (user self service tools) allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and e…

Remote | Information Disclosure
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.2 HIGH
CVE-2026-44752 — Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configu…

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's brow…

netweaver_application_server_java | Remote | Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
Showing 20 of 7420 Results