🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-34227 | High | 8.8 |
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click …
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-5156 | High | 8.8 |
A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/Quick…
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-5204 | High | 8.8 |
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/we…
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-5212 | High | 8.8 |
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D…
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2025-32957 | High | 8.7 |
baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to …
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-34585 | High | 8.6 |
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute…
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-32920 | High | 8.4 |
OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust ve…
|
— | Mar 31, 2026 |
| CVE-2026-34504 | High | 8.3 |
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-prov…
|
✅ Patch | Mar 31, 2026 |
| CVE-2026-34210 | High | 8.1 |
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method …
|
✅ Patch | Mar 31, 2026 |
| CVE-2026-34377 | High | 8.1 |
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic…
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-34503 | High | 8.1 |
OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. …
|
✅ Patch | Mar 31, 2026 |
| CVE-2026-33577 | High | 8.1 |
OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that…
|
✅ Patch | Mar 31, 2026 |
| CVE-2026-33579 | High | 8.1 |
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to …
|
✅ Patch | Mar 31, 2026 |
| CVE-2026-2123 | High | 7.8 |
A security audit identified a privilege escalation
vulnerability in Operations Agent(<=OA 12.29) on Windows. Under speci…
|
— | Mar 31, 2026 |
| CVE-2026-22561 | High | 7.8 |
Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.336…
|
— | Mar 31, 2026 |
| CVE-2026-24165 | High | 7.8 |
NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful explo…
|
— | Mar 31, 2026 |
| CVE-2026-34163 | High | 7.7 |
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) tools endpoi…
|
⚡ Exploit ✅ Patch | Mar 31, 2026 |
| CVE-2026-34365 | High | 7.6 |
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and…
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-34366 | High | 7.6 |
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and…
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-4020 | High | 7.5 |
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and includi…
|
— | Mar 31, 2026 |