Search Vulnerabilities

Wavlink WL-WN579A3 POST Request wireless.cgi GuestWifi command injection

MAL-2026-1423

Malicious code in test_pkg_forppe (npm)

GHSA-rqpp-rjj8-7wv8

OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes

GHSA-pfjj-6f4p-rvmh

CVE-2026-32621

Apollo Federation vulnerable to prototype pollution via incomplete key sanitization

CVE-2025-15060

claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability

MAL-2026-1421

Malicious code in devlino (npm)

CVE-2026-32621

Apollo Federation has prototype pollution via incomplete key sanitization

MAL-2026-1422

Malicious code in fastapi-middleware-cors (PyPI)

PyPI

CVE-2026-32626

AnythingLLM has a Streaming Phase XSS to RCE via LLM Response Injection

GHSA-j77h-rr39-c552

CVE-2026-32301

Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL

GHSA-p5g2-jm85-8g35

CVE-2026-32306

OneUptime ClickHouse SQL Injection via Aggregate Query Parameters

CVE-2026-31886

Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution

CVE-2026-31806

FreeRDP has a Heap Buffer Overflow in nsc_process_message() via Unchecked SURFACE_BITS_COMMAND Bitmap Dimensions

CVE-2026-32746

telnetd in GNU inetutils through 2

GHSA-vh9h-29pq-r5m8

CVE-2026-32304

Locutus vulnerable to RCE via unsanitized input in create_function()

GHSA-5xxp-2vrj-x855

CVE-2026-32614

SM9 Infinity-Point Ciphertext Forgery Vulnerability

CVE-2026-26954

SandboxJS has a Sandbox Escape

GHSA-4jpw-hj22-2xmc

OpenClaw: Pairing-scoped device tokens could mint `operator.admin` and reach node RCE

GHSA-xw77-45gv-p728

OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes

GHSA-m4q3-457p-hh2x

CVE-2026-31886

Dagu: Path Traversal via `dagRunId` in Inline DAG Execution

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2026-4163

Wavlink WL-WN579A3 POST Request wireless.cgi GuestWifi command injection

MAL-2026-1423

Malicious code in test_pkg_forppe (npm)

GHSA-rqpp-rjj8-7wv8

OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes

GHSA-pfjj-6f4p-rvmh

CVE-2026-32621

Apollo Federation vulnerable to prototype pollution via incomplete key sanitization

CVE-2025-15060

claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability

MAL-2026-1421

Malicious code in devlino (npm)

CVE-2026-32621

Apollo Federation has prototype pollution via incomplete key sanitization

MAL-2026-1422

Malicious code in fastapi-middleware-cors (PyPI)

PyPI

CVE-2026-32626

AnythingLLM has a Streaming Phase XSS to RCE via LLM Response Injection

GHSA-j77h-rr39-c552

CVE-2026-32301

Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL

GHSA-p5g2-jm85-8g35

CVE-2026-32306

OneUptime ClickHouse SQL Injection via Aggregate Query Parameters

CVE-2026-31886

Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution

CVE-2026-31806

FreeRDP has a Heap Buffer Overflow in nsc_process_message() via Unchecked SURFACE_BITS_COMMAND Bitmap Dimensions

CVE-2026-32746

telnetd in GNU inetutils through 2

GHSA-vh9h-29pq-r5m8

CVE-2026-32304

Locutus vulnerable to RCE via unsanitized input in create_function()

GHSA-5xxp-2vrj-x855

CVE-2026-32614

SM9 Infinity-Point Ciphertext Forgery Vulnerability

CVE-2026-26954

SandboxJS has a Sandbox Escape

GHSA-4jpw-hj22-2xmc

OpenClaw: Pairing-scoped device tokens could mint `operator.admin` and reach node RCE

GHSA-xw77-45gv-p728

OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes

GHSA-m4q3-457p-hh2x

CVE-2026-31886

Dagu: Path Traversal via `dagRunId` in Inline DAG Execution