Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,667
Quick preset (or use dates below)
Clear Filters
Showing 8,941 - 8,960 of 13,738 CVEs
CVE-2026-32025 HIGH - 7.5

OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a malicious webpage and perform password brute-force a...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 19, 2026
Source: NVD
CVE-2026-32016 HIGH - 7.0

OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo without a...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 19, 2026
Source: NVD
CVE-2026-32015 HIGH - 7.0

OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan binaries...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 19, 2026
Source: NVD
CVE-2026-32014 HIGH - 8.0

OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect metadata...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 19, 2026
Source: NVD
CVE-2026-32013 HIGH - 8.8

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway proce...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 19, 2026
Source: NVD
CVE-2026-32011 HIGH - 7.5

OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in webhook handlers for BlueBubbles and Google Chat that parse request bodies before performing authentication and signature validation. Unauthenticated attackers can exploit this by sending slow or oversized request bodie...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 19, 2026
Source: NVD
CVE-2026-29072 HIGH - 7.5

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation groups can create functional policy acceptance widgets in posts under the right conditions. Versions 2026.3.0-latest.1, 2026.2.1, and 2...

Vendor: discourse
Product: discourse
Published: Mar 19, 2026
Source: NVD
CVE-2026-27934 HIGH - 7.5

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosure of the title and post excerpt to unauthorized users, leading to information disclosure. Versions 20...

Vendor: discourse
Product: discourse
Published: Mar 19, 2026
Source: NVD
CVE-2026-33409 HIGH - 9.1

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.52 and 9.6.0-alpha.41, an authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowing t...

Vendor: npm
Product: parse-server
Published: Mar 19, 2026
Source: GitHub
CVE-2026-4428 HIGH - 7.4

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3...

Published: Mar 19, 2026
Source: NVD
CVE-2026-3547 HIGH - 7.5

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash...

Vendor: wolfssl
Product: wolfssl
Published: Mar 19, 2026
Source: NVD
CVE-2026-33346 HIGH - 8.7

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting (XSS) vulnerability in the patient portal payment flow allows a patient portal user to persist arbitrary JavaScript that executes in the browser of...

Vendor: openemr
Product: openemr
Published: Mar 19, 2026
Source: NVD
CVE-2026-33321 HIGH - 7.6

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side Req...

Vendor: openemr
Product: openemr
Published: Mar 19, 2026
Source: NVD
CVE-2026-33302 HIGH - 8.1

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function `AclMain::zhAclCheck()` only checks for the presence of any "allow" (user or group). It never checks for explicit "deny" (allowed=0)....

Vendor: openemr
Product: openemr
Published: Mar 19, 2026
Source: NVD
CVE-2026-33301 HIGH - 8.1

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read vulner...

Vendor: openemr
Product: openemr
Published: Mar 19, 2026
Source: NVD
CVE-2026-32622 HIGH - 8.8

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology, un...

Vendor: dataease
Product: SQLBot
Published: Mar 19, 2026
Source: NVD
CVE-2026-26139 HIGH - 8.6

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: purview
Published: Mar 19, 2026
Source: NVD
CVE-2026-26138 HIGH - 8.6

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: purview
Published: Mar 19, 2026
Source: NVD
CVE-2026-26137 HIGH - 8.9

Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: 365_copilot_chat
Published: Mar 19, 2026
Source: NVD
CVE-2026-23659 HIGH - 8.6

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.

Published: Mar 19, 2026
Source: NVD