U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

CVE Status Count

Please Wait

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2026-46810 - Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: End User Self Service). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker wi... read CVE-2026-46810
    Published: June 17, 2026; 6:53:58 AM -0400

  • CVE-2026-46812 - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attack... read CVE-2026-46812
    Published: June 17, 2026; 6:53:58 AM -0400

  • CVE-2026-46813 - Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker w... read CVE-2026-46813
    Published: June 17, 2026; 6:53:58 AM -0400

  • CVE-2026-35261 - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attack... read CVE-2026-35261
    Published: June 17, 2026; 6:40:18 AM -0400

  • CVE-2026-35313 - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacke... read CVE-2026-35313
    Published: June 17, 2026; 6:40:23 AM -0400

  • CVE-2026-46805 - Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network ac... read CVE-2026-46805
    Published: June 17, 2026; 6:53:58 AM -0400

  • CVE-2026-46806 - Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network ac... read CVE-2026-46806
    Published: June 17, 2026; 6:53:58 AM -0400

  • CVE-2026-46807 - Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM Legacy UI). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo... read CVE-2026-46807
    Published: June 17, 2026; 6:53:58 AM -0400

  • CVE-2026-46808 - Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network acc... read CVE-2026-46808
    Published: June 17, 2026; 6:53:58 AM -0400

  • CVE-2026-53865 - OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute unintended local executables from operator-unint... read CVE-2026-53865
    Published: June 16, 2026; 3:17:04 PM -0400

  • CVE-2026-53866 - OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parse... read CVE-2026-53866
    Published: June 16, 2026; 3:17:05 PM -0400

  • CVE-2026-53840 - OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an MCP endpoint can red... read CVE-2026-53840
    Published: June 16, 2026; 3:17:00 PM -0400

  • CVE-2026-53842 - OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDK_PYTHON during Gmail setup gcloud execution. Attackers with repository access can... read CVE-2026-53842
    Published: June 16, 2026; 3:17:01 PM -0400

  • CVE-2026-53844 - OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the... read CVE-2026-53844
    Published: June 16, 2026; 3:17:01 PM -0400

  • CVE-2026-53845 - OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch ... read CVE-2026-53845
    Published: June 16, 2026; 3:17:01 PM -0400

  • CVE-2026-53846 - OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpath configuration used for bundled runtime dependency installation. Attackers with workspace access c... read CVE-2026-53846
    Published: June 16, 2026; 3:17:01 PM -0400

  • CVE-2026-53847 - OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers ... read CVE-2026-53847
    Published: June 16, 2026; 3:17:01 PM -0400

  • CVE-2026-53848 - OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validat... read CVE-2026-53848
    Published: June 16, 2026; 3:17:01 PM -0400

  • CVE-2026-45649 - Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
    Published: June 09, 2026; 1:17:32 PM -0400

  • CVE-2026-35265 - Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network acc... read CVE-2026-35265
    Published: June 17, 2026; 6:40:18 AM -0400