🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-35656 | Medium | 6.5 |
OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when …
|
— | Apr 10, 2026 |
| CVE-2026-35652 | Medium | 6.5 |
OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows no…
|
— | Apr 10, 2026 |
| CVE-2026-35621 | Medium | 6.5 |
OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validat…
|
— | Apr 10, 2026 |
| CVE-2026-1263 | Medium | 6.4 |
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.…
|
— | Apr 10, 2026 |
| CVE-2026-2305 | Medium | 6.4 |
The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `aFhfc_head_cod…
|
— | Apr 10, 2026 |
| CVE-2026-6005 | Medium | 6.3 |
A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function…
|
— | Apr 10, 2026 |
| CVE-2026-6006 | Medium | 6.3 |
A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown…
|
— | Apr 10, 2026 |
| CVE-2026-6010 | Medium | 6.3 |
A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknow…
|
— | Apr 10, 2026 |
| CVE-2026-6007 | Medium | 6.3 |
A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the fi…
|
— | Apr 10, 2026 |
| CVE-2026-6030 | Medium | 6.3 |
A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of…
|
— | Apr 10, 2026 |
| CVE-2026-6033 | Medium | 6.3 |
A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedet…
|
— | Apr 10, 2026 |
| CVE-2026-5999 | Medium | 6.3 |
A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnounceme…
|
— | Apr 10, 2026 |
| CVE-2026-4305 | Medium | 6.1 |
The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the…
|
— | Apr 10, 2026 |
| CVE-2026-35667 | Medium | 6.1 |
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched k…
|
— | Apr 10, 2026 |
| CVE-2026-35670 | Medium | 5.9 |
OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies t…
|
— | Apr 10, 2026 |
| CVE-2026-35655 | Medium | 5.7 |
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicti…
|
— | Apr 10, 2026 |
| CVE-2026-6011 | Medium | 5.6 |
A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the …
|
— | Apr 10, 2026 |
| CVE-2026-33119 | Medium | 5.4 |
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized …
|
— | Apr 10, 2026 |
| CVE-2026-35620 | Medium | 5.4 |
OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handle…
|
— | Apr 10, 2026 |
| CVE-2026-2712 | Medium | 5.4 |
The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability che…
|
— | Apr 10, 2026 |