🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-41300 | Medium | 6.5 |
OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote …
|
— | Apr 21, 2026 |
| CVE-2026-6674 | Medium | 6.5 |
The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter…
|
— | Apr 21, 2026 |
| CVE-2026-6711 | Medium | 6.1 |
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all…
|
— | Apr 21, 2026 |
| CVE-2026-40045 | Medium | 5.7 |
OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials…
|
— | Apr 21, 2026 |
| CVE-2026-41298 | Medium | 5.4 |
OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-beari…
|
— | Apr 21, 2026 |
| CVE-2026-6675 | Medium | 5.3 |
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Em…
|
— | Apr 21, 2026 |
| CVE-2026-41301 | Medium | 5.3 |
OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingre…
|
— | Apr 21, 2026 |
| CVE-2026-41331 | Medium | 5.3 |
OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that a…
|
— | Apr 21, 2026 |
| CVE-2023-27351 | Critical | 9.8 |
PaperCut NG/MF — CVE-2023-27351
PaperCut NG/MF contains an improper authentication vulnerability that could allow remote…
|
— | Apr 20, 2026 |
| CVE-2026-20122 | Critical | 9.8 |
Cisco Catalyst SD-WAN Manger — CVE-2026-20122
Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs…
|
— | Apr 20, 2026 |
| CVE-2026-20128 | Critical | 9.8 |
Cisco Catalyst SD-WAN Manager — CVE-2026-20128
Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverab…
|
— | Apr 20, 2026 |
| CVE-2025-32975 | Critical | 9.8 |
Quest KACE Systems Management Appliance (SMA) — CVE-2025-32975
Quest KACE Systems Management Appliance (SMA) contains an…
|
— | Apr 20, 2026 |
| CVE-2026-20133 | Critical | 9.8 |
Cisco Catalyst SD-WAN Manager — CVE-2026-20133
Cisco Catalyst SD-WAN Manager contains an exposure of sensitive informati…
|
— | Apr 20, 2026 |
| CVE-2025-48700 | Critical | 9.8 |
Synacor Zimbra Collaboration Suite (ZCS) — CVE-2025-48700
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site…
|
— | Apr 20, 2026 |
| CVE-2025-2749 | Critical | 9.8 |
Kentico Kentico Xperience — CVE-2025-2749
Kentico Xperience contains a path traversal vulnerability that could allow an …
|
— | Apr 20, 2026 |
| CVE-2024-27199 | Critical | 9.8 |
JetBrains TeamCity — CVE-2024-27199
JetBrains TeamCity contains a relative path traversal vulnerability that could allow…
|
— | Apr 20, 2026 |
| CVE-2026-6588 | Medium | 6.5 |
A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/dele…
|
— | Apr 20, 2026 |
| CVE-2026-4852 | Medium | 6.4 |
The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site …
|
— | Apr 20, 2026 |
| CVE-2026-6587 | Medium | 6.3 |
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_proces…
|
— | Apr 20, 2026 |
| CVE-2026-6729 | Medium | 6.3 |
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated…
|
— | Apr 20, 2026 |