Total CVEs

145,909

Critical Severity

4,292

High Severity

15,777

Last 7 Days

2,189
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 23,681 - 23,700 of 42,314 CVEs

Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2.

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-40200 HIGH - 8.1

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or ...

Vendor: musl-libc
Product: musl
Published: Apr 10, 2026
Source: NVD

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get() with follow_redirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints...

Vendor: MervinPraison
Product: PraisonAIAgents
Published: Apr 10, 2026
Source: NVD
CVE-2026-40159 MEDIUM - 5.5

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Model Context Protocol) integration allows spawning background servers via stdio using user-supplied command strings (e.g., MCP("npx -y @smithery/cli ...")). These commands are executed through Python’s subprocess ...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 10, 2026
Source: NVD
CVE-2026-40158 HIGH - 8.6

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.__getattribute__ trampoline, allowing arbitrary code execution when running untrusted agent code. The _execute_code_direct function in praisonaiagents/tools/python_tools.py...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 10, 2026
Source: NVD

PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .praison tar archives using raw tar.extract() without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who ...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 10, 2026
Source: NVD
CVE-2026-40156 HIGH - 7.8

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.spec_from_file_location and immediately executes module-level code v...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 10, 2026
Source: NVD
CVE-2026-40103 MEDIUM - 4.3

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for custom project background routes is method-confused. A token with only projects.background can successfully delete a project background, while a token with only projects.ba...

Vendor: go-vikunja
Product: vikunja
Published: Apr 10, 2026
Source: NVD
CVE-2026-40100 MEDIUM - 5.3

FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress() only blocks private IPs when CHECK_INTERNAL_IP=true, which is not the default. This allows unauthentic...

Vendor: labring
Product: FastGPT
Published: Apr 10, 2026
Source: NVD

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension...

Vendor: smallstep
Product: certificates
Published: Apr 10, 2026
Source: NVD
CVE-2026-40086 MEDIUM - 5.3

Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious model_path parameter, an attacker can...

Vendor: danielgatis
Product: rembg
Published: Apr 10, 2026
Source: NVD
CVE-2026-40074 MEDIUM - 7.5

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This could...

Vendor: sveltejs
Product: kit
Published: Apr 10, 2026
Source: NVD
CVE-2026-40073 HIGH - 7.5

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers ...

Vendor: sveltejs
Product: kit
Published: Apr 10, 2026
Source: NVD
CVE-2026-35670 MEDIUM - 5.9

OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered repli...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35669 HIGH - 8.8

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform unautho...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35668 HIGH - 7.7

OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in normalizeSandbox...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35667 MEDIUM - 6.1

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the !stop command, causi...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35666 HIGH - 8.8

OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands.

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35665 MEDIUM - 5.3

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources by sending concurrent...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35664 MEDIUM - 5.3

OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization.

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD