Total CVEs: 141,292
Critical Severity: 3,799
High Severity: 13,738
Last 7 Days: 1,823
Showing 9,121 - 9,140 of 14,211 CVEs
CVE-2026-22319 MEDIUM - 4.9

A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack.

Published: Mar 18, 2026
Source: NVD
CVE-2026-22318 MEDIUM - 4.9

A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack.

Published: Mar 18, 2026
Source: NVD
CVE-2026-22316 MEDIUM - 6.5

A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.

Published: Mar 18, 2026
Source: NVD
CVE-2026-3512 MEDIUM - 6.1

The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjl_wprintstylo_comments_nav() function. The function ...

Published: Mar 18, 2026
Source: NVD
CVE-2025-15363 MEDIUM - 5.9

The Get Use APIs WordPress plugin before 2.0.10 executes imported JSON, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks under certain server configurations.

Vendor: Unknown
Product: Get Use APIs
Published: Mar 18, 2026
Source: NVD
CVE-2026-4366 MEDIUM - 5.8

A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources. A...

Published: Mar 18, 2026
Source: NVD
CVE-2026-33058 MEDIUM - 6.5

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51 fix...

Vendor: kanboard
Product: kanboard
Published: Mar 18, 2026
Source: NVD
CVE-2026-2575 MEDIUM - 5.3

A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError...

Vendor: maven
Product: org.keycloak:keycloak-saml-adapter-core
Published: Mar 18, 2026
Source: NVD
CVE-2026-1926 MEDIUM - 5.3

The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wps_sfw_admin_cancel_susbcription()` function in all versions up to, and including, 1.9.2. This is due to the function being hooked to the `init` action...

Published: Mar 18, 2026
Source: NVD
CVE-2026-1780 MEDIUM - 6.1

The [CR]Paid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

Published: Mar 18, 2026
Source: NVD
CVE-2026-4268 MEDIUM - 6.4

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgmza_custom_js' parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the 'admin_pos...

Published: Mar 18, 2026
Source: NVD
CVE-2026-27545 MEDIUM - 6.1

OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writable parent symlinks in the current working directory after approval. An attacker can modify mutable p...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 18, 2026
Source: NVD
CVE-2026-27523 MEDIUM - 6.1

OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve out...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 18, 2026
Source: NVD
CVE-2026-27522 MEDIUM - 6.5

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user.

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 18, 2026
Source: NVD
CVE-2026-22217 MEDIUM - 5.3

OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variable on...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 18, 2026
Source: NVD
CVE-2026-22181 MEDIUM - 6.4

OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTP_PROXY, HTTPS_PROXY, or ALL_PROXY environment variables are present, attacker-influenced ...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 18, 2026
Source: NVD
CVE-2026-22180 MEDIUM - 5.3

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and wr...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 18, 2026
Source: NVD
CVE-2026-22179 MEDIUM - 6.6

OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper parsing of command substitution tokens. Attackers can craft shell payloads with command substitution sy...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 18, 2026
Source: NVD
CVE-2026-22178 MEDIUM - 6.5

OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastrophic ...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 18, 2026
Source: NVD
CVE-2026-22177 MEDIUM - 6.1

OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODE_OPTIONS or LD_* through configuration to execute arbitrary code in the OpenClaw gateway service run...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 18, 2026
Source: NVD