

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2026-5577 - A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details Endpoint. Such manipulation of the argument ID lea... read CVE-2026-5577
    Published: April 05, 2026; 12:16:19 PM -0400

    V3.1: 8.6 HIGH

  • CVE-2026-5585 - A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/task_manager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. T... read CVE-2026-5585
    Published: April 05, 2026; 2:16:17 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-5584 - A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the component query Endpoint. Such manipulation leads to code injection. The attack can be lau... read CVE-2026-5584
    Published: April 05, 2026; 1:16:57 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-5474 - A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buf... read CVE-2026-5474
    Published: April 03, 2026; 1:16:54 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-5473 - A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a hi... read CVE-2026-5473
    Published: April 03, 2026; 1:16:54 PM -0400

    V3.1: 7.0 HIGH

  • CVE-2026-41397 - OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting... read CVE-2026-41397
    Published: April 28, 2026; 3:37:43 PM -0400

    V3.1: 9.6 CRITICAL

  • CVE-2026-5572 - A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been rele... read CVE-2026-5572
    Published: April 05, 2026; 10:16:18 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2026-5569 - A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper access controls. The attack may be performed from... read CVE-2026-5569
    Published: April 05, 2026; 10:16:17 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-5570 - A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotel... read CVE-2026-5570
    Published: April 05, 2026; 10:16:17 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-5571 - A vulnerability was identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The impacted element is an unknown function of the file /fs of the component Configuration Data Handler. Such manipulation of the argument File leads to information di... read CVE-2026-5571
    Published: April 05, 2026; 10:16:18 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-41396 - OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by ov... read CVE-2026-41396
    Published: April 28, 2026; 3:37:43 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-5573 - A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of the argument cwd can lead to unrestricted upload. The attack can be launched remotely. Th... read CVE-2026-5573
    Published: April 05, 2026; 11:16:41 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-5604 - A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Performing a manipulation of the argument standard re... read CVE-2026-5604
    Published: April 05, 2026; 7:16:20 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-5605 - A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remote... read CVE-2026-5605
    Published: April 05, 2026; 8:16:19 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-41395 - OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay... read CVE-2026-41395
    Published: April 28, 2026; 3:37:42 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-41394 - OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime a... read CVE-2026-41394
    Published: April 28, 2026; 3:37:42 PM -0400

    V3.1: 8.2 HIGH

  • CVE-2026-41393 - OpenClaw before 2026.3.31 contains a wide-area discovery vulnerability allowing arbitrary tailnet peers to be accepted as DNS authorities. Attackers with same-tailnet position and CA-trusted endpoint access can exfiltrate operator credentials thro... read CVE-2026-41393
    Published: April 28, 2026; 3:37:42 PM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2026-41392 - OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via shell init-file wrapper invocations. Attackers can exploit shell options like --rcfile, --init-file, and --startup-file to ... read CVE-2026-41392
    Published: April 28, 2026; 3:37:42 PM -0400

    V3.1: 7.3 HIGH

  • CVE-2026-41391 - OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution contexts, allowing attackers to redirect Python package-index traffic. Attackers can exploit this bypass to intercept or ma... read CVE-2026-41391
    Published: April 28, 2026; 3:37:42 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2026-7469 - A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remote... read CVE-2026-7469
    Published: April 29, 2026; 10:16:06 PM -0400

    V3.1: 6.3 MEDIUM

Created September 20, 2022, Updated August 27, 2024