Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,839
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 17,761 - 17,780 of 38,837 CVEs
CVE-2026-31955 MEDIUM - 4.9

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS se...

Vendor: xibosignage
Product: xibo-cms
Published: Apr 24, 2026
Source: NVD
CVE-2026-31953 MEDIUM - 6.4

Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting (XSS) vulnerability in versions prior to 4.4.1 allows an authenticated user with notification creation permissions to inject arbitrary JavaScript in...

Vendor: xibosignage
Product: xibo-cms
Published: Apr 24, 2026
Source: NVD
CVE-2026-40630 CRITICAL - 9.8

A vulnerability in  SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact w...

Vendor: SenseLive
Product: X3050
Published: Apr 24, 2026
Source: NVD
CVE-2026-40623 HIGH - 8.1

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watc...

Vendor: SenseLive
Product: X3050
Published: Apr 24, 2026
Source: NVD
CVE-2026-40620 CRITICAL - 9.8

A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted mod...

Vendor: SenseLive
Product: X3050
Published: Apr 24, 2026
Source: NVD
CVE-2026-40431 MEDIUM - 5.3

A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same ne...

Vendor: SenseLive
Product: X3050
Published: Apr 24, 2026
Source: NVD
CVE-2026-39462 HIGH - 8.1

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the...

Vendor: SenseLive
Product: X3050
Published: Apr 24, 2026
Source: NVD
CVE-2026-35503 CRITICAL - 9.8

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these expo...

Vendor: SenseLive
Product: X3050
Published: Apr 24, 2026
Source: NVD
CVE-2026-35064 HIGH - 7.5

A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exp...

Vendor: SenseLive
Product: X3050
Published: Apr 24, 2026
Source: NVD
CVE-2026-31952 HIGH - 7.6

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain...

Vendor: xibosignage
Product: xibo-cms
Published: Apr 24, 2026
Source: NVD
CVE-2026-29197 MEDIUM - 4.3

In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, allowing authenticated users without the proper permissions to read apps-engine lo...

Vendor: Rocket.Chat
Product: Rocket.Chat
Published: Apr 24, 2026
Source: NVD
CVE-2026-27843 CRITICAL - 9.1

A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker ca...

Vendor: SenseLive
Product: X3050
Published: Apr 24, 2026
Source: NVD
CVE-2026-27841 HIGH - 8.1

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF tokens, a malicious ex...

Vendor: SenseLive
Product: X3050
Published: Apr 24, 2026
Source: NVD
CVE-2026-25775 CRITICAL - 9.8

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded ima...

Vendor: SenseLive
Product: X3050
Published: Apr 24, 2026
Source: NVD
CVE-2026-25720 MEDIUM - 5.4

A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continue ...

Vendor: SenseLive
Product: X3050
Published: Apr 24, 2026
Source: NVD
CVE-2026-1789 MEDIUM - 4.9

A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device via crafted requests, affecting certain production printers and office/small office multifunction printers.

Published: Apr 24, 2026
Source: NVD
CVE-2026-6732 MEDIUM - 6.5

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that ca...

Published: Apr 23, 2026
Source: NVD
CVE-2026-41361 HIGH - 7.1

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections.

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 23, 2026
Source: NVD
CVE-2026-41360 MEDIUM - 6.7

OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution of modified script co...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 23, 2026
Source: NVD
CVE-2026-41359 HIGH - 7.1

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient access ...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 23, 2026
Source: NVD