Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Security Vulnerabilities357786
CVE-2026-5513
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-7.2||HIGH
EPSS-Not Assigned
Published-13 Jun, 2026 | 11:25
Updated-13 Jun, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Action-Not Available
Vendor-ladela
Product-Online Scheduling and Appointment Booking System – Bookly
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-11624
Assigner-Google LLC
ShareView Details
Assigner-Google LLC
CVSS Score-9.4||CRITICAL
EPSS-Not Assigned
Published-13 Jun, 2026 | 08:38
Updated-13 Jun, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced alongside the existing "--allowed-origins" flag, enabling users to specify permitted hosts at server startup. Both flags default to "*", allowing users to implement strict access controls as needed without breaking existing setups. If either flag is set to "*", the server will output a startup warning about potential vulnerabilities. Documentation has also been updated to highlight these security considerations.

Action-Not Available
Vendor-Google LLC
Product-MCP Toolbox for Databases
CWE ID-CWE-346
Origin Validation Error
CVE-2026-1291
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-Not Assigned
Published-13 Jun, 2026 | 08:29
Updated-13 Jun, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with Author-level access and above, to arbitrarily create or overwrite existing gallery shortcode records by supplying a user-controlled id value. The endpoint performs database update operations without verifying that the requesting user is authorized to modify the referenced gallery record or create their own.

Action-Not Available
Vendor-tigroumeow
Product-Meow Gallery
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-9629
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-Not Assigned
Published-13 Jun, 2026 | 07:51
Updated-13 Jun, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-codesupplyco
Product-Canvas
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-2470
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-Not Assigned
Published-13 Jun, 2026 | 07:51
Updated-13 Jun, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts'

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayer_save_content AJAX handler allowing users with basic post-edit capability to persist pagelayer_contact_templates metadata on posts they can edit (including pending posts), while the unauthenticated pagelayer_contact_submit endpoint later consumes that metadata by user-controlled post/form identifiers without enforcing a privileged or published-context boundary. This makes it possible for authenticated attackers, with Contributor-level access and above, to configure arbitrary contact-form mail templates that are usable through unauthenticated form submission via the contacts parameter. In typical deployments this template feature is configured via Pagelayer Pro UI; however, the vulnerable backend trust path is still present. This issue may be chained with CVE-2026-2442 to increase exploitability and attacker control over outbound email behavior.

Action-Not Available
Vendor-softaculous
Product-Page Builder: Pagelayer – Drag and Drop website builder
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-3297
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-Not Assigned
Published-13 Jun, 2026 | 07:51
Updated-13 Jun, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Anchor Block

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-softaculous
Product-Page Builder: Pagelayer – Drag and Drop website builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-9134
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-Not Assigned
Published-13 Jun, 2026 | 06:47
Updated-13 Jun, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode parameter in versions up to, and including, 3.1.31 This is due to an incomplete JavaScript event handler blacklist in the foogallery_sanitize_javascript() function, which blocks only a subset of HTML event attributes (onmouseover, onmouseout, onpointerenter, onclick, onload, onchange, onerror) while permitting others such as 'onmouseenter', combined with the failure to escape the attribute key when building the gallery container HTML in foogallery_build_container_attributes_safe(). This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-fooplugins
Product-Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-9062
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-Not Assigned
EPSS-Not Assigned
Published-13 Jun, 2026 | 06:00
Updated-13 Jun, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Agile Store Locator < 1.6.9 - Admin+ Arbitrary File Read via Path Traversal

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary `.php` files from the server, including configuration files that contain database credentials and authentication keys.

Action-Not Available
Vendor-Unknown
Product-Store Locator WordPress
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-9061
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-Not Assigned
EPSS-Not Assigned
Published-13 Jun, 2026 | 06:00
Updated-13 Jun, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Agile Store Locator < 1.6.9 - Admin+ Stored XSS via logo_name

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks even when the `unfiltered_html` capability is disallowed (e.g. in a multisite network).

Action-Not Available
Vendor-Unknown
Product-Store Locator WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-9109
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-7.2||HIGH
EPSS-Not Assigned
Published-13 Jun, 2026 | 05:32
Updated-13 Jun, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPTranslate <= 2.31 - Unauthenticated Stored Cross-Site Scripting via REST API Translation Storage

The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The deterministically derived API key (sha256 of the site URL) is printed in the HTML source of every page via the JavaScript variable gptApiKey, meaning any unauthenticated visitor can retrieve the key and submit malicious translation payloads to the /wp-json/gptranslate/v1/request endpoint without any additional precondition.

Action-Not Available
Vendor-john-dagelmore
Product-GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-11769
Assigner-Grafana Labs
ShareView Details
Assigner-Grafana Labs
CVSS Score-6.4||MEDIUM
EPSS-Not Assigned
Published-13 Jun, 2026 | 04:17
Updated-13 Jun, 2026 | 06:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Operator - Namespaced User Path Traversal

We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. ### Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templating language. The jsonnet expression is evaluated in the context of the operator manager pod. ### Impact It is possible for a malicious user who can create Dashboard or LibraryPanel resources for a Grafana instance to obtain the Kubernetes service account token of the Grafana Operator manager. ### Affected versions All Grafana Operator versions <= 5.23 ### Solutions and mitigations All installations should be upgraded as soon as possible. As a workaround, the following ValidatingAdmissionPolicy prevent the creation or modification of jsonnet based resources: apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingAdmissionPolicy metadata: name: "prevent-jsonnet-dashboards" spec: failurePolicy: Fail matchConstraints: resourceRules: - apiGroups: ["grafana.integreatly.org"] apiVersions: ["v1beta1"] operations: ["CREATE", "UPDATE"] resources: ["grafanadashboards", "grafanalibrarypanels"] validations: - expression: "!has(object.spec.jsonnetLib)" --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingAdmissionPolicyBinding metadata: name: "prevent-jsonnet-dashboards-clusterwide" spec: policyName: "prevent-jsonnet-dashboards" validationActions: [Deny] ### Acknowledgement We would like to thank Artem Cherezov for responsibly disclosing the vulnerability.

Action-Not Available
Vendor-Grafana Labs
Product-Grafana Operator
CVE-2026-54231
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-Not Assigned
Published-13 Jun, 2026 | 02:34
Updated-13 Jun, 2026 | 03:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Abrt: unsanitized systemd journal content written to dump directory files enables content injection

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A local user can inject arbitrary content into the journal output by embedding newline characters in syslog messages, controlling the content that root writes to dump directory files.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2026-54230
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-Not Assigned
Published-13 Jun, 2026 | 02:34
Updated-13 Jun, 2026 | 03:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and writes content to the symlink target, allowing arbitrary file overwrites on the system.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-54229
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-Not Assigned
Published-13 Jun, 2026 | 02:34
Updated-13 Jun, 2026 | 03:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Abrt: chownproblemdir succeeds during active post-create event processing due to inadequate locking

A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY and calls dd_chown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows an attacker to gain filesystem-level control of the dump directory while privileged event scripts are still running.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-54228
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-13 Jun, 2026 | 02:34
Updated-13 Jun, 2026 | 03:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Abrt: toctou race condition in abrt-dbus setelement allows arbitrary file writes to dump directories

A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package validation and allowing crashes of unpackaged binaries to survive post-create processing.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-9848
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-13 Jun, 2026 | 02:29
Updated-13 Jun, 2026 | 03:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Ticket <= 6.0.4 - Unauthenticated SQL Injection via WordPress Search 's' Parameter

The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in versions up to, and including, 6.0.4 The plugin hooks WordPress's `posts_request` filter with `wp_ticket_com_posts_request()`, which calls `emd_author_search_results()` when the current request is an unauthenticated front-end search. That function reads `$query->query_vars['s']` — already wp_unslash()'d by `WP_Query::parse_query()`, so wp_magic_quotes protection has been stripped — and concatenates the raw value into a SQL `LIKE` clause inside a UNION sub-SELECT appended to the main query, with no `$wpdb->prepare()` or escaping. This makes it possible for unauthenticated attackers to append additional SQL queries into already-existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-emarket-design
Product-Customer Support Ticket System & Helpdesk
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-12089
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.9||MEDIUM
EPSS-Not Assigned
Published-13 Jun, 2026 | 02:29
Updated-13 Jun, 2026 | 03:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read

The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combine_current_css() function trusting <link rel="stylesheet" href="..."> values harvested from page HTML and converting same-site URLs to absolute filesystem paths before reading them with file_get_contents()/Minify\CSS::add(), without enforcing that the resolved path stay within ABSPATH or have a .css extension. This makes it possible for authenticated attackers, with Editor-level access and above, to read arbitrary files.

Action-Not Available
Vendor-aurelienlws
Product-LWS Optimize – All-in-One Speed Booster & Cache Tools
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-11443
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-4.6||MEDIUM
EPSS-Not Assigned
Published-12 Jun, 2026 | 23:04
Updated-13 Jun, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability

Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to execute arbitrary script on affected installations of Allegra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the downloadAttachment method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of arbitrary script. An attacker can leverage this vulnerability to execute script in the context of the current user. Was ZDI-CAN-28236.

Action-Not Available
Vendor-Allegra (Alltena GmbH)
Product-Allegra
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-11442
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-12 Jun, 2026 | 23:04
Updated-13 Jun, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allegra exportReport Directory Traversal Information Disclosure Vulnerability

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the exportReport method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-28208.

Action-Not Available
Vendor-Allegra (Alltena GmbH)
Product-Allegra
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-12068
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-7.4||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:19
Updated-12 Jun, 2026 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avira Password Manager credential disclosure via cross-origin autofill in Firefox

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.

Action-Not Available
Vendor-Gen Digital
Product-Avira Password Manager
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2026-6676
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:16
Updated-12 Jun, 2026 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avira antivirus engine heap buffer OOB write when scanning a malformed POSIX tar archive

Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.27.12.

Action-Not Available
Vendor-Gen Digital
Product-Avira Antivirus
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14098
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:16
Updated-12 Jun, 2026 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable file

Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.104.

Action-Not Available
Vendor-Gen Digital
Product-Avira Antivirus
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-9033
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:15
Updated-12 Jun, 2026 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 3)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.76.

Action-Not Available
Vendor-Gen Digital
Product-Avira Antivirus
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-9032
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:14
Updated-12 Jun, 2026 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avira antivirus engine heap buffer OOB read when scanning a malformed PE file

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.98.

Action-Not Available
Vendor-Gen Digital
Product-Avira Antivirus
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-7019
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-5.5||MEDIUM
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:14
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avast antivirus stack overflow when scanning a malformed Office Open XML file

Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25020100. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.

Action-Not Available
Vendor-Gen Digital
Product-Avast OneAvast Business AntivirusAVG AntivirusAvast AntivirusNorton Antivirus
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-7018
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-5.5||MEDIUM
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:13
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avira antivirus engine null pointer dereference when scanning a malformed PE file

Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.

Action-Not Available
Vendor-Gen Digital
Product-Avira Antivirus
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-7017
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:13
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avira antivirus engine heap buffer OOB read when scanning a malformed Windows MSI file

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56.

Action-Not Available
Vendor-Gen Digital
Product-Avira Antivirus
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-7011
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:12
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avast antivirus heap OOB when scanning a malformed zip file

Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds from 25020100 before 25021208. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.

Action-Not Available
Vendor-Gen Digital
Product-Avast OneAvast Business AntivirusAVG AntivirusAvast AntivirusNorton Antivirus
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-7010
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-5.5||MEDIUM
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:11
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avast antivirus stack overflow when scanning a malformed PDF file

Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25021208. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.

Action-Not Available
Vendor-Gen Digital
Product-Avast OneAvast Business AntivirusAVG AntivirusAvast AntivirusNorton Antivirus
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-7009
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:10
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avast antivirus heap buffer OOB read when scanning a malformed PE file

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25021310. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.

Action-Not Available
Vendor-Gen Digital
Product-Avast OneAvast Business AntivirusAVG AntivirusAvast AntivirusNorton Antivirus
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-7008
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:09
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avast antivirus heap buffer OOB read when scanning a malformed PE file

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25021310. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.

Action-Not Available
Vendor-Gen Digital
Product-Avast OneAvast Business AntivirusAVG AntivirusAvast AntivirusNorton Antivirus
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-7006
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-5.5||MEDIUM
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:08
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avast antivirus use of stack memory after free when scanning a malformed PE file

Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25022500. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.

Action-Not Available
Vendor-Gen Digital
Product-Avast OneAvast Business AntivirusAVG AntivirusAvast AntivirusNorton Antivirus
CWE ID-CWE-590
Free of Memory not on the Heap
CVE-2025-7005
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-5.5||MEDIUM
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:07
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avast antivirus infinite recursion when scanning a malformed PE file

Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25031700. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.

Action-Not Available
Vendor-Gen Digital
Product-Avast OneAvast Business AntivirusAVG AntivirusAvast AntivirusNorton Antivirus
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-7004
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:04
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avast antivirus heap buffer OOB write when scanning a malformed PE file

Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25040308. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.

Action-Not Available
Vendor-Gen Digital
Product-Avast OneAvast Business AntivirusAVG AntivirusAvast AntivirusNorton Antivirus
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-7003
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 22:02
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 1)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56.

Action-Not Available
Vendor-Gen Digital
Product-Avira Antivirus
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-7002
Assigner-NortonLifeLock Inc.
ShareView Details
Assigner-NortonLifeLock Inc.
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:59
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68.

Action-Not Available
Vendor-Gen Digital
Product-Avira Antivirus
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-41158
Assigner-Imagination Technologies
ShareView Details
Assigner-Imagination Technologies
CVSS Score-Not Assigned
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:57
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed the resource.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CVE-2026-53868
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:57
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 30 days by exploiting unverified email ownership in account lifecycle operations.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-53867
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:57
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo < 12.128.2 - Orphaned File Retention via Profile Image Replacement

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.

Action-Not Available
Vendor-Cap-go
Product-capgo
CWE ID-CWE-459
Incomplete Cleanup
CVE-2026-53839
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:57
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation

OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoints.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-1023
Incomplete Comparison with Missing Factors
CVE-2026-53838
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:57
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection

OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing approval restrictions.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-53837
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.3||MEDIUM
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:57
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.6 - Missing Channel Type Validation in Mattermost Event Handlers

OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM policy decisions by sending crafted Mattermost events missing channel type information to process restricted content.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-636
Not Failing Securely ('Failing Open')
CVE-2026-53836
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:56
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized by the allowlist parser. Remote authenticated operators can bypass execution allowlist checks by using unrecognized encoded-command alias forms to execute arbitrary PowerShell content.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CVE-2026-53835
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-2.3||LOW
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:56
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding feature to change sender-agent binding state beyond intended policy, potentially enabling unauthorized binding modifications.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-53834
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.2||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:56
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands

OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering command handling from blocked senders depending on operator configuration.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-53833
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.4||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:56
Updated-13 Jun, 2026 | 12:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command

OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching the affected command without non-wildcard allowlist entry requirements.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-53832
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.4||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:56
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration

OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate privileges.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-53831
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.6||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:56
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-local files and expose sensitive configuration data.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-53830
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:56
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.22 - Webhook Secret Revocation Bypass via secrets.reload

OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation, potentially accepting previous credentials.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-53829
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:56
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display

OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after approval.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7155
  • 7156
  • Next