🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-5809 | High | 7.1 |
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. Th…
|
— | Apr 11, 2026 |
| CVE-2026-5989 | High | 8.8 |
A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. E…
|
— | Apr 10, 2026 |
| CVE-2026-5990 | High | 8.8 |
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter…
|
— | Apr 10, 2026 |
| CVE-2026-35643 | High | 8.8 |
OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject…
|
✅ Patch | Apr 10, 2026 |
| CVE-2026-35663 | High | 8.8 |
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request bro…
|
✅ Patch | Apr 10, 2026 |
| CVE-2026-5991 | High | 8.8 |
A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /gof…
|
— | Apr 10, 2026 |
| CVE-2026-6014 | High | 8.8 |
A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formA…
|
— | Apr 10, 2026 |
| CVE-2026-6013 | High | 8.8 |
A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /g…
|
— | Apr 10, 2026 |
| CVE-2026-6016 | High | 8.8 |
A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/W…
|
— | Apr 10, 2026 |
| CVE-2026-35666 | High | 8.8 |
OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/b…
|
✅ Patch | Apr 10, 2026 |
| CVE-2026-6015 | High | 8.8 |
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/Qui…
|
— | Apr 10, 2026 |
| CVE-2026-35669 | High | 8.8 |
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that…
|
✅ Patch | Apr 10, 2026 |
| CVE-2026-5992 | High | 8.8 |
A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2…
|
— | Apr 10, 2026 |
| CVE-2026-6012 | High | 8.8 |
A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file…
|
— | Apr 10, 2026 |
| CVE-2026-35653 | High | 8.1 |
OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that all…
|
⚡ Exploit ✅ Patch | Apr 10, 2026 |
| CVE-2026-35660 | High | 8.1 |
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint tha…
|
✅ Patch | Apr 10, 2026 |
| CVE-2026-4351 | High | 8.1 |
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to,…
|
— | Apr 10, 2026 |
| CVE-2021-47961 | High | 8.1 |
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to …
|
— | Apr 10, 2026 |
| CVE-2026-35641 | High | 7.8 |
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that …
|
⚡ Exploit | Apr 10, 2026 |
| CVE-2026-35668 | High | 7.7 |
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to re…
|
⚡ Exploit | Apr 10, 2026 |