🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-33786 | Medium | 5.5 |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Junipe…
|
— | Apr 9, 2026 |
| CVE-2026-4124 | Medium | 5.4 |
The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The …
|
— | Apr 9, 2026 |
| CVE-2026-35626 | Medium | 5.3 |
OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling t…
|
— | Apr 9, 2026 |
| CVE-2026-2519 | Medium | 5.3 |
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation v…
|
— | Apr 9, 2026 |
| CVE-2026-5833 | Medium | 5.3 |
A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function serv…
|
— | Apr 9, 2026 |
| CVE-2026-5986 | Medium | 5.3 |
A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the …
|
— | Apr 9, 2026 |
| CVE-2026-35640 | Medium | 5.3 |
OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated atta…
|
— | Apr 9, 2026 |
| CVE-2026-35633 | Medium | 5.3 |
OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that…
|
— | Apr 9, 2026 |
| CVE-2026-35634 | Medium | 5.1 |
OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasReq…
|
— | Apr 9, 2026 |
| CVE-2026-1340 | Critical | 9.8 |
Ivanti Endpoint Manager Mobile (EPMM) — CVE-2026-1340
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vu…
|
— | Apr 8, 2026 |
| CVE-2026-1346 | Critical | 9.3 |
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 …
|
— | Apr 8, 2026 |
| CVE-2026-39860 | Critical | 9.0 |
Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary ove…
|
✅ Patch | Apr 8, 2026 |
| CVE-2026-3357 | High | 8.8 |
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the sys…
|
— | Apr 8, 2026 |
| CVE-2026-3499 | High | 8.8 |
The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to C…
|
— | Apr 8, 2026 |
| CVE-2026-3243 | High | 8.8 |
The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path…
|
— | Apr 8, 2026 |
| CVE-2026-1342 | High | 8.5 |
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 …
|
— | Apr 8, 2026 |
| CVE-2026-4788 | High | 8.4 |
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a loc…
|
— | Apr 8, 2026 |
| CVE-2026-5436 | High | 8.1 |
The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1.…
|
— | Apr 8, 2026 |
| CVE-2026-30818 | High | 8.0 |
An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent…
|
— | Apr 8, 2026 |
| CVE-2026-30815 | High | 8.0 |
An OS command injection vulnerability in the OpenVPN module
of TP-Link Archer AX53 v1.0 allows an authenticated adjacent…
|
— | Apr 8, 2026 |