Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,217
Quick preset (or use dates below)
Clear Filters
Showing 8,081 - 8,100 of 13,708 CVEs
CVE-2026-5045 HIGH - 8.8

A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out remote...

Vendor: tenda
Product: fh1201_firmware
Published: Mar 29, 2026
Source: NVD
CVE-2026-5044 HIGH - 8.8

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be executed...

Vendor: belkin
Product: f9k1122_firmware
Published: Mar 29, 2026
Source: NVD
CVE-2026-33575 HIGH - 7.5

OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outside ...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 29, 2026
Source: NVD
CVE-2026-33573 HIGH - 8.8

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the co...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 29, 2026
Source: NVD
CVE-2026-33572 HIGH - 8.4

OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 29, 2026
Source: NVD
CVE-2026-32980 HIGH - 7.5

OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory consumption, socket time,...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 29, 2026
Source: NVD
CVE-2026-32979 HIGH - 7.3

OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintende...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 29, 2026
Source: NVD
CVE-2026-32978 HIGH - 8.0

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified code u...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 29, 2026
Source: NVD
CVE-2026-32974 HIGH - 8.6

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool execution...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 29, 2026
Source: NVD
CVE-2026-32972 HIGH - 7.1

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers can create or modify browser profiles and persist attacker-controlle...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 29, 2026
Source: NVD
CVE-2026-32918 HIGH - 8.4

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including persi...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 29, 2026
Source: NVD
CVE-2026-32915 HIGH - 8.8

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause exec...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 29, 2026
Source: NVD
CVE-2026-32914 HIGH - 8.8

OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can read or modify privileged configuration settings restricted to ...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 29, 2026
Source: NVD
CVE-2026-5043 HIGH - 8.8

A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buffer overflow. Remote exploitation of the attack is po...

Vendor: belkin
Product: f9k1122_firmware
Published: Mar 29, 2026
Source: NVD
CVE-2026-5042 HIGH - 8.8

A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launc...

Vendor: belkin
Product: f9k1122_firmware
Published: Mar 29, 2026
Source: NVD
CVE-2026-5036 HIGH - 8.8

A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack can be initiated remotely. T...

Vendor: tenda
Product: 4g06_firmware
Published: Mar 29, 2026
Source: NVD
CVE-2026-5035 HIGH - 7.3

A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclo...

Vendor: sherlock
Product: accounting_system
Published: Mar 29, 2026
Source: NVD
CVE-2026-5034 HIGH - 7.3

A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component Parameter Handler. This manipulation of the argument cos_id causes sql injection. It is possible to initiate the attack remotely. The exp...

Vendor: sherlock
Product: accounting_system
Published: Mar 29, 2026
Source: NVD
CVE-2026-5033 HIGH - 7.3

A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. The manipulation of the argument cos_id results in sql injection. The attack may be performed from remote...

Vendor: sherlock
Product: accounting_system
Published: Mar 29, 2026
Source: NVD
CVE-2026-5024 HIGH - 8.8

A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made publ...

Vendor: dlink
Product: dir-513_firmware
Published: Mar 29, 2026
Source: NVD