Threat Intelligence Feed

Aggregating 4395 articles from trusted cybersecurity sources

/
LATEST CVEs
CVE-2026-6732 A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definit CVE-2026-41361 OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. CVE-2026-41360 OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operan CVE-2026-41359 OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write perm CVE-2026-41358 OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to CVE-2026-41357 OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass CVE-2026-41356 OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previ CVE-2026-41355 OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted san CVE-2026-41354 OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows leg CVE-2026-41353 OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attac CVE-2026-41352 OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node CVE-2026-41351 OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Bas CVE-2026-41350 OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session_status function fails to CVE-2026-41349 OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execu CVE-2026-41348 OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths CVE-2026-41347 OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mod CVE-2026-41346 OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allow CVE-2026-41345 OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Aut CVE-2026-41344 OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scop CVE-2026-41343 OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers CVE-2026-41342 OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persis CVE-2026-41341 OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direc CVE-2026-41340 OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration in CVE-2026-41339 OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin auth CVE-2026-41338 OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows atta CVE-2026-41337 OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attac CVE-2026-41336 OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, e CVE-2026-41335 OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that CVE-2026-41334 OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce CVE-2026-41333 OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumv CVE-2026-41332 OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CON CVE-2026-41274 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypher CVE-2026-35431 Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perfo CVE-2026-33819 Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network. CVE-2026-33102 Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privilege CVE-2026-32210 Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofin CVE-2026-32172 Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network. CVE-2026-2708 A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_commo CVE-2026-26210 KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the CVE-2026-26150 Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a net
1879 General 509 Vulnerability Disclosure 504 CVE 359 Campaigns 250 Data Breach 232 Malware

Trending Vendors

Microsoft (420) Google (265) Apple (195) Amazon (170) Intel (143) Cisco (108) GitHub (50) Cloudflare (48) Fortinet (44) Linux (41) Oracle (40) Palo Alto Networks (36) WordPress (32) Check Point (31) F5 (31)

Latest News

Data Breaches