Total CVEs: 141,249 | Critical Severity: 3,795 | High Severity: 13,708 | Last 7 Days: 1,946
CVE-2026-27646 MEDIUM - 5.3

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat context ...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 23, 2026
Source: NVD
CVE-2026-27183 MEDIUM - 4.5

OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactly f...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 23, 2026
Source: NVD
CVE-2026-1940 MEDIUM - 5.1

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser a...

Published: Mar 23, 2026
Source: NVD
CVE-2025-60948 MEDIUM - 4.6

Census CSWeb 8.0.1 allows stored cross-site scripting in user-supplied fields. A remote, authenticated attacker could store malicious JavaScript that executes in a victim's browser. Fixed in 8.1.0 alpha.

Vendor: Census
Product: CSWeb
Published: Mar 23, 2026
Source: NVD
CVE-2026-33486 MEDIUM - 6.8

Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the w...

Vendor: composer
Product: roadiz/documents
Published: Mar 23, 2026
Source: GitHub
CVE-2026-33202 MEDIUM - 9.1

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#delete_prefixed` passes blob keys directly to `Dir.glob` without escaping glob metacharacters. If a blob key contains attacker-contro...

Vendor: rubygems
Product: activestorage
Published: Mar 23, 2026
Source: GitHub
CVE-2026-4597 MEDIUM - 6.3

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection. T...

Published: Mar 23, 2026
Source: NVD
CVE-2026-23488 MEDIUM - 5.3

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note (including private notes) without authorization, even if the note has not been publicly shared. The ...

Vendor: blinkospace
Product: blinko
Published: Mar 23, 2026
Source: NVD
CVE-2026-23487 MEDIUM - 6.5

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an IDOR vulnerability where the user.detail endpoint leaks the superadmin token. This issue has been patched in version 1.8.4.

Vendor: blinkospace
Product: blinko
Published: Mar 23, 2026
Source: NVD
CVE-2026-23486 MEDIUM - 5.3

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, a publicly accessible endpoint exposes all user information, including usernames, roles, and account creation dates. This issue has been patched in version 1.8.4.

Vendor: blinkospace
Product: blinko
Published: Mar 23, 2026
Source: NVD
CVE-2026-23485 MEDIUM - 5.3

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4.

Vendor: blinkospace
Product: blinko
Published: Mar 23, 2026
Source: NVD
CVE-2026-23484 MEDIUM - 6.5

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProcedure (normal user), not superAdminAuthMiddleware. At time of...

Vendor: blinkospace
Product: blinko
Published: Mar 23, 2026
Source: NVD
CVE-2026-23483 MEDIUM - 5.3

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses join() to concatenate paths but does not verify if the final path is within the plugins directory, leading to path traversal. At time of publication, there are no publicly availab...

Vendor: blinkospace
Product: blinko
Published: Mar 23, 2026
Source: NVD
CVE-2026-23481 MEDIUM - 6.5

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4.

Vendor: blinkospace
Product: blinko
Published: Mar 23, 2026
Source: NVD
CVE-2026-33176 MEDIUM - 7.5

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation (e.g. `1e10000`), which `BigDecimal` expands into extremely large...

Vendor: rubygems
Product: activesupport
Published: Mar 23, 2026
Source: GitHub
CVE-2026-33174 MEDIUM - 7.5

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A reques...

Vendor: rubygems
Product: activestorage
Published: Mar 23, 2026
Source: GitHub
CVE-2026-33173 MEDIUM - 5.3

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `DirectUploadsController` accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like `identified` and `analyzed` are stored in ...

Vendor: rubygems
Product: activestorage
Published: Mar 23, 2026
Source: GitHub
CVE-2026-33170 MEDIUM - 6.1

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `SafeBuffer#%` does not propagate the `@html_unsafe` flag to the newly created buffer. If a `SafeBuffer` is mutated in place (e.g. via `gsub!...

Vendor: rubygems
Product: activesupport
Published: Mar 23, 2026
Source: GitHub
CVE-2026-33169 MEDIUM - 5.3

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. `NumberToDelimitedConverter` uses a lookahead-based regular expression with `gsub!` to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between t...

Vendor: rubygems
Product: activesupport
Published: Mar 23, 2026
Source: GitHub
CVE-2026-33548 MEDIUM - 6.1

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline (my_view_page.php) allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that ...

Vendor: mantisbt
Product: mantisbt
Published: Mar 23, 2026
Source: NVD