🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-35640 | Medium | 5.3 |
OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated atta…
|
— | Apr 9, 2026 |
| CVE-2026-5833 | Medium | 5.3 |
A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function serv…
|
— | Apr 9, 2026 |
| CVE-2026-5986 | Medium | 5.3 |
A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the …
|
— | Apr 9, 2026 |
| CVE-2026-2519 | Medium | 5.3 |
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation v…
|
— | Apr 9, 2026 |
| CVE-2026-35626 | Medium | 5.3 |
OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling t…
|
— | Apr 9, 2026 |
| CVE-2026-35633 | Medium | 5.3 |
OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that…
|
— | Apr 9, 2026 |
| CVE-2026-35634 | Medium | 5.1 |
OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasReq…
|
— | Apr 9, 2026 |
| CVE-2025-30650 | Medium | 6.7 |
A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a…
|
— | Apr 8, 2026 |
| CVE-2026-1672 | Medium | 6.5 |
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnera…
|
— | Apr 8, 2026 |
| CVE-2026-40037 | Medium | 6.5 |
OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that …
|
— | Apr 8, 2026 |
| CVE-2026-1865 | Medium | 6.5 |
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom U…
|
— | Apr 8, 2026 |
| CVE-2026-3480 | Medium | 6.5 |
The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. …
|
— | Apr 8, 2026 |
| CVE-2026-2377 | Medium | 6.5 |
A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially cra…
|
— | Apr 8, 2026 |
| CVE-2026-3142 | Medium | 6.4 |
The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting …
|
— | Apr 8, 2026 |
| CVE-2026-2509 | Medium | 6.4 |
The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Cu…
|
— | Apr 8, 2026 |
| CVE-2026-2988 | Medium | 6.4 |
The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'powerpress' and 'podca…
|
— | Apr 8, 2026 |
| CVE-2026-3513 | Medium | 6.4 |
The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
|
— | Apr 8, 2026 |
| CVE-2026-1396 | Medium | 6.4 |
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magi…
|
— | Apr 8, 2026 |
| CVE-2026-2481 | Medium | 6.4 |
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site …
|
— | Apr 8, 2026 |
| CVE-2026-3239 | Medium | 6.4 |
The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonial_v…
|
— | Apr 8, 2026 |