Threat Intelligence Feed

CVE-2026-5988 A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetW CVE-2026-5987 A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFree CVE-2026-5986 A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the CVE-2026-5985 A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown CVE-2026-5507 When restoring a session from cache, a pointer from the serialized session data is used in a free operation without vali CVE-2026-5504 A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repe CVE-2026-5503 In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This CVE-2026-5295 A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/ CVE-2026-34424 Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected throu CVE-2026-5984 A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formS CVE-2026-5983 A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /gofo CVE-2026-5982 A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file CVE-2026-5981 A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform CVE-2026-5778 Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption CVE-2026-5772 A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname CVE-2026-5264 Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that CVE-2026-5263 URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification CVE-2026-40154 PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted e CVE-2026-40153 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os CVE-2026-40152 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he list_files() tool in FileTools validates the directo CVE-2026-40151 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents end CVE-2026-40150 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_c CVE-2026-40149 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unaut CVE-2026-40148 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registr CVE-2026-40117 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbi CVE-2026-40116 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call modu CVE-2026-40115 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the e CVE-2026-40114 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in CVE-2026-40113 PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the CVE-2026-40112 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent CVE-2026-40111 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a us CVE-2026-39848 Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed CVE-2026-35646 OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that CVE-2026-35645 OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSe CVE-2026-35644 OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scop CVE-2026-35642 OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireM CVE-2026-35640 OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated atta CVE-2026-35639 OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an CVE-2026-35638 OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated se CVE-2026-35637 OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite w CVE-2026-5988 A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetW CVE-2026-5987 A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFree CVE-2026-5986 A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the CVE-2026-5985 A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown CVE-2026-5507 When restoring a session from cache, a pointer from the serialized session data is used in a free operation without vali CVE-2026-5504 A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repe CVE-2026-5503 In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This CVE-2026-5295 A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/ CVE-2026-34424 Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected throu CVE-2026-5984 A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formS CVE-2026-5983 A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /gofo CVE-2026-5982 A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file CVE-2026-5981 A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform CVE-2026-5778 Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption CVE-2026-5772 A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname CVE-2026-5264 Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that CVE-2026-5263 URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification CVE-2026-40154 PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted e CVE-2026-40153 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os CVE-2026-40152 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he list_files() tool in FileTools validates the directo CVE-2026-40151 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents end CVE-2026-40150 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_c CVE-2026-40149 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unaut CVE-2026-40148 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registr CVE-2026-40117 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbi CVE-2026-40116 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call modu CVE-2026-40115 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the e CVE-2026-40114 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in CVE-2026-40113 PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the CVE-2026-40112 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent CVE-2026-40111 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a us CVE-2026-39848 Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed CVE-2026-35646 OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that CVE-2026-35645 OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSe CVE-2026-35644 OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scop CVE-2026-35642 OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireM CVE-2026-35640 OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated atta CVE-2026-35639 OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an CVE-2026-35638 OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated se CVE-2026-35637 OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite w