Total CVEs

141,272

Critical Severity

3,795

High Severity

13,729

Last 7 Days

1,917
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 4,101 - 4,120 of 37,677 CVEs
CVE-2026-0134 LOW - 3.3

In PostWipeData of recovery_ui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Jun 16, 2026
Source: NVD
CVE-2026-0133 HIGH - 7.8

In smmu_attach_dev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Jun 16, 2026
Source: NVD
CVE-2026-0132 HIGH - 8.8

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Jun 16, 2026
Source: NVD
CVE-2026-0131 HIGH - 7.3

In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Vendor: google
Product: android
Published: Jun 16, 2026
Source: NVD
CVE-2026-0130 LOW - 3.5

In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Vendor: google
Product: android
Published: Jun 16, 2026
Source: NVD
CVE-2026-0129 LOW - 3.5

In RtcpByePacket::decodeByePacket, there is a possible due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Vendor: google
Product: android
Published: Jun 16, 2026
Source: NVD
CVE-2026-0128 MEDIUM - 6.5

In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Vendor: google
Product: android
Published: Jun 16, 2026
Source: NVD
CVE-2026-0127 MEDIUM - 6.5

In NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed. User interaction is not needed for ...

Vendor: google
Product: android
Published: Jun 16, 2026
Source: NVD
CVE-2026-0126 CRITICAL - 9.8

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Jun 16, 2026
Source: NVD
CVE-2026-0125 HIGH - 7.0

In multiple functions of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Jun 16, 2026
Source: NVD
CVE-2026-54157 CRITICAL - 9.0

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. An attacker can use this to make arbitra...

Vendor: npm
Product: @lobehub/lobehub
Published: Jun 16, 2026
Source: GitHub
CVE-2026-53753 CRITICAL - 9.8

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes (gi_frame, f_back, f_builtin...

Vendor: pip
Product: crawl4ai
Published: Jun 16, 2026
Source: GitHub

Hugo: Symlink confinement bypass in resources.Get

Vendor: go
Product: github.com/gohugoio/hugo
Published: Jun 16, 2026
Source: GitHub

Hugo: security.http.urls allow-list bypass via HTTP redirects

Vendor: go
Product: github.com/gohugoio/hugo
Published: Jun 16, 2026
Source: GitHub

Hugo: XSS via text/html content files

Vendor: go
Product: github.com/gohugoio/hugo
Published: Jun 16, 2026
Source: GitHub
CVE-2026-53866 HIGH - 8.1

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parser case missing the expected allowlist decision, enabl...

Vendor: OpenClaw
Product: OpenClaw
Published: Jun 16, 2026
Source: NVD
CVE-2026-53865 HIGH - 7.1

OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute unintended local executables from operator-unintended paths during maintenance operations by manipula...

Vendor: OpenClaw
Product: OpenClaw
Published: Jun 16, 2026
Source: NVD
CVE-2026-53864 HIGH - 8.1

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious Node.j...

Vendor: OpenClaw
Product: OpenClaw
Published: Jun 16, 2026
Source: NVD
CVE-2026-53863 HIGH - 7.1

OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could trigger incorrect group-policy decisions for tool invocations, potentially bypassing intended access c...

Vendor: OpenClaw
Product: OpenClaw
Published: Jun 16, 2026
Source: NVD
CVE-2026-53862 MEDIUM - 4.2

OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits.

Vendor: OpenClaw
Product: OpenClaw
Published: Jun 16, 2026
Source: NVD