Export limit exceeded: 363673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363673 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-35658 1 Openclaw 1 Openclaw 2026-04-14 6.5 Medium
OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject.
CVE-2026-35652 1 Openclaw 1 Openclaw 2026-04-14 6.5 Medium
OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation completes, enabling unauthorized actions.
CVE-2026-35643 1 Openclaw 1 Openclaw 2026-04-14 8.8 High
OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application context.
CVE-2026-5977 1 Totolink 2 A7100ru, A7100ru Firmware 2026-04-14 9.8 Critical
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2025-61658 2 Mediawiki, Wikimedia 2 Checkuser, Checkuser 2026-04-14 4.3 Medium
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/GlobalContributions/GlobalContributionsPager.Php. This issue affects CheckUser: from * before 1.43.4, 1.44.1.
CVE-2020-9715 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2026-04-14 7.8 High
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2023-36424 1 Microsoft 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more 2026-04-14 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-21529 1 Microsoft 1 Exchange Server 2026-04-14 8.8 High
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2025-67476 2 Mediawiki, Wikimedia 2 Mediawiki, Mediawiki 2026-04-14 4.3 Medium
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from * before 1.44.3, 1.45.1.
CVE-2026-6027 1 Totolink 2 A7100ru, A7100ru Firmware 2026-04-14 9.8 Critical
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2025-13914 1 Juniper Networks 1 Apstra 2026-04-14 8.7 High
A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and capture user credentials. This issue affects all versions of Apstra before 6.1.1.
CVE-2026-35651 1 Openclaw 1 Openclaw 2026-04-14 4.3 Medium
OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to manipulate displayed information through malicious tool titles.
CVE-2026-35657 1 Openclaw 1 Openclaw 2026-04-14 6.5 Medium
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint.
CVE-2026-35663 1 Openclaw 1 Openclaw 2026-04-14 8.8 High
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges.
CVE-2026-35669 1 Openclaw 1 Openclaw 2026-04-14 8.8 High
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform unauthorized administrative actions.
CVE-2025-67478 2 Mediawiki, Wikimedia 2 Checkuser, Checkuser 2026-04-14 8.8 High
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files includes/Mail/UserMailer.Php. This issue affects CheckUser: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2026-4436 1 Gpl Odorizers 4 Gpl750 (xl4), Gpl750 (xl4 Prime), Gpl Odorizers Gpl750 (xl7) and 1 more 2026-04-14 8.6 High
A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line.
CVE-2026-35383 1 Bentley Systems 1 Itwin Platform 2026-04-14 6.5 Medium
Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to enumerate or delete certain assets. As of 2026-03-27, the token is no longer present in the web pages and cannot be used to enumerate or delete assets.
CVE-2026-6113 1 Totolink 2 A7100ru, A7100ru Firmware 2026-04-14 9.8 Critical
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-67480 2 Mediawiki, Wikimedia 2 Mediawiki, Mediawiki 2026-04-14 6.5 Medium
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.