🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-6674 | Medium | 6.5 |
The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter…
|
— | Apr 21, 2026 |
| CVE-2026-41300 | Medium | 6.5 |
OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote …
|
— | Apr 21, 2026 |
| CVE-2026-6711 | Medium | 6.1 |
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all…
|
— | Apr 21, 2026 |
| CVE-2026-40045 | Medium | 5.7 |
OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials…
|
— | Apr 21, 2026 |
| CVE-2026-41298 | Medium | 5.4 |
OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-beari…
|
— | Apr 21, 2026 |
| CVE-2026-41331 | Medium | 5.3 |
OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that a…
|
— | Apr 21, 2026 |
| CVE-2026-6675 | Medium | 5.3 |
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Em…
|
— | Apr 21, 2026 |
| CVE-2026-41301 | Medium | 5.3 |
OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingre…
|
— | Apr 21, 2026 |
| CVE-2026-6588 | Medium | 6.5 |
A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/dele…
|
— | Apr 20, 2026 |
| CVE-2026-4852 | Medium | 6.4 |
The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site …
|
— | Apr 20, 2026 |
| CVE-2026-6616 | Medium | 6.3 |
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extrac…
|
— | Apr 20, 2026 |
| CVE-2026-6613 | Medium | 6.3 |
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete_agent/stop_s…
|
— | Apr 20, 2026 |
| CVE-2026-6729 | Medium | 6.3 |
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated…
|
— | Apr 20, 2026 |
| CVE-2026-6586 | Medium | 6.3 |
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_b…
|
— | Apr 20, 2026 |
| CVE-2026-6599 | Medium | 6.3 |
A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/ins…
|
— | Apr 20, 2026 |
| CVE-2026-6612 | Medium | 6.3 |
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_executio…
|
— | Apr 20, 2026 |
| CVE-2026-6587 | Medium | 6.3 |
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_proces…
|
— | Apr 20, 2026 |
| CVE-2026-6614 | Medium | 6.3 |
A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the f…
|
— | Apr 20, 2026 |
| CVE-2026-6617 | Medium | 6.3 |
A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provid…
|
— | Apr 20, 2026 |
| CVE-2026-6609 | Medium | 6.3 |
A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the f…
|
— | Apr 20, 2026 |