CVEs from 2026

| Metric | Value |
|---|---|
| Total | 14,789 |
| critical | 1,335 |
| high | 5,006 |
| medium | 4,831 |
| low | 503 |
| % Critical | 9.0% |
| % with KEV | 0.4% |
| % with exploit | 0.7% |
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41496 | high | 8.1 | 8.1 | 1mo ago | PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315) | |||
| CVE-2026-41491 | high | 8.1 | 8.1 | 1mo ago | Dapr: Service Invocation path traversal ACL bypass | |||
| CVE-2026-41105 | high | 8.1 | 8.1 | 1mo ago | Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-42239 | high | 8.1 | 8.1 | 1mo ago | Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.… | |||
| CVE-2026-41654 | high | 8.1 | 8.1 | 1mo ago | Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url | |||
| CVE-2026-8093 | high | 8.1 | 8.1 | 1mo ago | Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary … | |||
| CVE-2026-33588 | high | 8.1 | 8.1 | 1mo ago | Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal. | |||
| CVE-2026-7252 | high | 8.1 | 8.1 | 1mo ago | The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validat… | |||
| CVE-2026-41002 | high | 8.1 | 8.1 | 1mo ago | Spring Cloud Config Server Susceptible To TOCTOU Attack | |||
| CVE-2026-44304 | high | 8.1 | 8.1 | 1mo ago | Lemur: LDAP Filter Injection enables post-authentication privilege escalation | |||
| CVE-2026-8018 | high | 8.1 | 8.1 | 1mo ago | Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security… | |||
| CVE-2026-7981 | high | 8.1 | 8.1 | 1mo ago | Out of bounds read in Codecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security… | |||
| CVE-2026-7978 | high | 8.1 | 8.1 | 1mo ago | Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. (Chromium se… | |||
| CVE-2026-41936 | high | 8.1 | 8.1 | 1mo ago | Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated site_admin users to read arbitrary files and mod… | |||
| CVE-2026-43134 | high | 8.1 | 8.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP… | |||
| CVE-2026-42609 | high | 8.1 | 8.1 | 1mo ago | Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic | |||
| CVE-2026-44331 | high | 8.1 | 8.1 | 1mo ago | In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted… | |||
| CVE-2026-23631 | high | 8.1 | 8.1 | 1mo ago | Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-aft… | |||
| CVE-2026-43535 | high | 8.1 | 8.1 | 1mo ago | OpenClaw: Collect-mode queue batches could reuse the last sender authorization context | |||
| CVE-2026-6180 | high | 8.1 | 8.1 | 1mo ago | A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence co… | |||
| CVE-2026-42088 | high | 8.1 | 8.1 | 1mo ago | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Py… | |||
| CVE-2026-29004 | high | 8.1 | 8.1 | 1mo ago | BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attac… | |||
| CVE-2026-42075 | high | 8.1 | 8.1 | 1mo ago | Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write | |||
| CVE-2026-40563 | high | 8.1 | 8.1 | 1mo ago | Apache Atlas has a Code Injection Vulnerability | |||
| CVE-2026-29199 | high | 8.1 | 8.1 | 1mo ago | phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password reset link poisoning. When force_server_vars is disabled, the server's hostname may be extracted from the HTTP Host … | |||
| CVE-2026-2554 | high | 8.1 | 8.1 | 1mo ago | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and incl… | |||
| CVE-2026-7611 | high | 8.1 | 8.1 | 1mo ago | A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a… | |||
| CVE-2026-7610 | high | 8.1 | 8.1 | 1mo ago | A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmi… | |||
| CVE-2026-7491 | high | 8.1 | 8.1 | 1mo ago | School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data. | |||
| CVE-2026-7606 | high | 8.1 | 8.1 | 1mo ago | A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of … | |||
| CVE-2026-7647 | high | 8.1 | 8.1 | 1mo ago | The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybe_unserialize() function on the atta… | |||
| CVE-2026-37537 | high | 8.1 | 8.1 | 1mo ago | collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 (2023-03-08) contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At… | |||
| CVE-2026-22166 | high | 8.1 | 8.1 | 1mo ago | A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the proce… | |||
| CVE-2026-22165 | high | 8.1 | 8.1 | 1mo ago | A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the pro… | |||
| CVE-2026-43051 | high | 8.1 | 8.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq The wacom_intuos_bt_irq() function processes Bluetooth HID reports with… | |||
| CVE-2026-31779 | high | 8.1 | 8.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() The memcpy function assumes the dynamic a… | |||
| CVE-2026-31771 | high | 8.1 | 8.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: move wake reason storage into validated event handlers hci_store_wake_reason() is called from hci_event_pac… | |||
| CVE-2026-31708 | high | 8.1 | 8.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path smb2_ioctl_query_info() has two response-copy branches: PASSTH… | |||
| CVE-2026-7554 | high | 8.1 | 8.1 | 1mo ago | A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attac… | |||
| CVE-2026-6542 | high | 8.1 | 8.1 | 1mo ago | IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for an… | |||
| CVE-2026-40904 | high | 8.1 | 8.1 | 1mo ago | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest end… | |||
| CVE-2026-40600 | high | 8.1 | 8.1 | 1mo ago | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to on… | |||
| CVE-2026-36340 | high | 8.1 | 8.1 | 1mo ago | Krayin CRM allows a remote attacker to execute arbitrary code via compose email function | |||
| CVE-2026-7402 | high | 8.1 | 8.1 | 1mo ago | Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117. | |||
| CVE-2026-7399 | high | 8.1 | 8.1 | 1mo ago | Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117. | |||
| CVE-2026-42512 | high | 8.1 | 8.1 | 1mo ago | As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when reque… | |||
| CVE-2026-35547 | high | 8.1 | 8.1 | 1mo ago | When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocat… | |||
| CVE-2026-42511 | high | 8.1 | 8.1 | 1mo ago | The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by … | |||
| CVE-2026-7426 | high | 8.1 | 8.1 | 1mo ago | Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by… | |||
| CVE-2026-7424 | high | 8.1 | 8.1 | 1mo ago | Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, an… | |||
| CVE-2026-7347 | high | 8.1 | 8.1 | 1mo ago | Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High) | |||
| CVE-2026-7346 | high | 8.1 | 8.1 | 1mo ago | Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Hi… | |||
| CVE-2026-42167 | high | 8.1 | 8.1 | 1mo ago | mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backe… | |||
| CVE-2026-42431 | high | 8.1 | 8.1 | 1mo ago | OpenClaw `node.invoke(browser.proxy)` bypasses `browser.request` persistent profile-mutation guard | |||
| CVE-2026-41383 | high | 8.1 | 8.1 | 1mo ago | OpenClaw: OpenShell mirror mode could delete arbitrary remote directories when roots were mis-scoped | |||
| CVE-2026-27760 | high | 8.1 | 8.1 | 1mo ago | OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements… | |||
| CVE-2026-5780 | high | 8.1 | 8.1 | 1mo ago | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the endpoint '/minerva/moUser/show/'. If this vulnerability is successfully exploited, an authentic… | |||
| CVE-2026-41364 | high | 8.1 | 8.1 | 1mo ago | OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host | |||
| CVE-2026-31613 | high | 8.1 | 8.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB reads parsing symlink error response When a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message() r… | |||
| CVE-2026-40623 | high | 8.1 | 8.1 | 1mo ago | A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inad… | |||
| CVE-2026-39462 | high | 8.1 | 8.1 | 1mo ago | A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device… | |||
| CVE-2026-27841 | high | 8.1 | 8.1 | 1mo ago | A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application do… | |||
| CVE-2026-41353 | high | 8.1 | 8.1 | 1mo ago | OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and… | |||
| CVE-2026-41342 | high | 8.1 | 8.1 | 1mo ago | OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials | |||
| CVE-2026-41246 | high | 8.1 | 8.1 | 1mo ago | Contour has Lua code injection via Cookie Path Rewrite Policy | |||
| CVE-2026-41175 | high | 8.1 | 8.1 | 2mo ago | Statamic: Unsafe method invocation via query value resolution allows data destruction | |||
| CVE-2026-31513 | high | 8.1 | 8.1 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req Syzbot reported a KASAN stack-out-of-bounds read in l2cap_… | |||
| CVE-2026-31464 | high | 8.1 | 8.1 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() A malicious or compromised VIO server can return a num_written val… | |||
| CVE-2026-6848 | high | 8.1 | 8.1 | 2mo ago | A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be… | |||
| CVE-2026-42084 | high | 8.1 | 8.1 | 2mo ago | OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence | |||
| CVE-2026-6832 | high | 8.1 | 8.1 | 2mo ago | Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an ab… | |||
| CVE-2026-40868 | high | 8.1 | 8.1 | 2mo ago | kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token | |||
| CVE-2026-5966 | high | 8.1 | 8.1 | 2mo ago | ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on th… | |||
| CVE-2026-40434 | high | 8.1 | 8.1 | 2mo ago | Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic. | |||
| CVE-2026-5718 | high | 8.1 | 8.1 | 2mo ago | The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type … | |||
| CVE-2026-41113 | high | 8.1 | 8.1 | 2mo ago | sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c. | |||
| CVE-2026-40784 | high | 8.1 | 8.1 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue aff… | |||
| CVE-2026-40764 | high | 8.1 | 8.1 | 2mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery. This issue affects Contact Form by WPForms: from n/a through <= 1… | |||
| CVE-2026-33827 | high | 8.1 | 8.1 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-23708 | high | 8.1 | 8.1 | 2mo ago | An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 throug… | |||
| CVE-2026-22828 | high | 8.1 | 8.1 | 2mo ago | A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary… | |||
| CVE-2026-28291 | high | 8.1 | 8.1 | 2mo ago | simple-git Affected by Command Execution via Option-Parsing Bypass | |||
| CVE-2026-6011 | high | 8.1 | 8.1 | 2mo ago | OpenClaw vulnerable to SSRF in src/agents/tools/web-fetch.ts | |||
| CVE-2026-5479 | high | 8.1 | 8.1 | 2mo ago | In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning p… | |||
| CVE-2026-5466 | high | 8.1 | 8.1 | 2mo ago | wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged … | |||
| CVE-2026-5188 | high | 8.1 | 8.1 | 2mo ago | An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclo… | |||
| CVE-2026-5915 | high | 8.1 | 8.1 | 2mo ago | Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium secur… | |||
| CVE-2026-5913 | high | 8.1 | 8.1 | 2mo ago | Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-28387 | high | 8.1 | 8.1 | 2mo ago | Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-… | |||
| CVE-2026-39371 | high | 8.1 | 8.1 | 2mo ago | RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests | |||
| CVE-2026-22665 | high | 8.1 | 8.1 | 2mo ago | prompts.chat prior to commit 1464475, contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing … | |||
| CVE-2026-22661 | high | 8.1 | 8.1 | 2mo ago | prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archi… | |||
| CVE-2026-31393 | high | 8.1 | 8.1 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access l2cap_information_rsp() checks that cmd_len covers the fix… | |||
| CVE-2026-31392 | high | 8.1 | 8.1 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single s… | |||
| CVE-2026-5246 | high | 8.1 | 8.1 | 2mo ago | A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-384 Public Key Handler. Executing a mani… | |||
| CVE-2026-5245 | high | 8.1 | 8.1 | 2mo ago | A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the ar… | |||
| CVE-2026-34472 | high | 7.1 | 8.1 | 2mo ago | Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials… | |||
| CVE-2026-25406 | high | 8.1 | 8.1 | 2mo ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse. This issue affects Tutor LMS Pro: from n/a through <= 3.9.4. | |||
| CVE-2026-25357 | high | 8.1 | 8.1 | 2mo ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse. This issue affects Ultimate Membership Pro… | |||
| CVE-2026-32067 | high | 8.1 | 8.1 | 3mo ago | OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access |