🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-35665 | Medium | 5.3 |
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request…
|
— | Apr 10, 2026 |
| CVE-2026-35661 | Medium | 5.3 |
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows…
|
— | Apr 10, 2026 |
| CVE-2026-35647 | Medium | 5.3 |
OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks an…
|
— | Apr 10, 2026 |
| CVE-2026-4326 | High | 8.8 |
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and in…
|
— | Apr 9, 2026 |
| CVE-2026-5815 | High | 8.8 |
A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-…
|
— | Apr 9, 2026 |
| CVE-2026-5984 | High | 8.8 |
A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formS…
|
— | Apr 9, 2026 |
| CVE-2026-5983 | High | 8.8 |
A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /gofo…
|
— | Apr 9, 2026 |
| CVE-2026-5982 | High | 8.8 |
A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file…
|
— | Apr 9, 2026 |
| CVE-2026-5981 | High | 8.8 |
A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform…
|
— | Apr 9, 2026 |
| CVE-2026-5980 | High | 8.8 |
A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /g…
|
— | Apr 9, 2026 |
| CVE-2026-5979 | High | 8.8 |
A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ …
|
— | Apr 9, 2026 |
| CVE-2026-35639 | High | 8.8 |
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an…
|
— | Apr 9, 2026 |
| CVE-2026-35638 | High | 8.8 |
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated se…
|
— | Apr 9, 2026 |
| CVE-2026-5830 | High | 8.8 |
A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysTo…
|
— | Apr 9, 2026 |
| CVE-2026-33785 | High | 8.8 |
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated…
|
— | Apr 9, 2026 |
| CVE-2026-5988 | High | 8.8 |
A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetW…
|
— | Apr 9, 2026 |
| CVE-2026-39911 | High | 8.8 |
Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability in the Custom Logic …
|
— | Apr 9, 2026 |
| CVE-2025-13914 | High | 8.7 |
A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a…
|
— | Apr 9, 2026 |
| CVE-2026-39942 | High | 8.5 |
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id}…
|
— | Apr 9, 2026 |
| CVE-2023-54359 | High | 8.2 |
WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated …
|
— | Apr 9, 2026 |