CVE Brief Security Intelligence

OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader  Versions Affected:  before 2

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store, potentially allowing local users to gain elevated system rights.

Prometheus, an open-source monitoring system, is affected by a security vulnerability that may impact its time-series database and monitoring operations.

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool)

Conditional Fields for Contact Form 7 WordPress plugin through version 2

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions up to, and including, 1

Nginx UI is a web user interface for the Nginx web server

Nginx UI is a web user interface for the Nginx web server

The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3

OpenClaw is affected by a security vulnerability requiring immediate attention to prevent potential exploitation of the software environment.

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28

In Eclipse BaSyx Java Server SDK versions prior to 2

An escalation of privilege bug in various modules in Apache HTTP 2

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2

Easy PayPal Events & Tickets plugin for WordPress version 1

Easy PayPal Events & Tickets plugin for WordPress versions 1

Prometheus is an open-source monitoring system and time series database

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1

WordPress Plugin Backup Migration 1

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_page_url' parameter in all versions up to, and including, 5

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'first_name' parameter in all versions up to, and including, 5

Buffer Over-read vulnerability in Apache HTTP Server

A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's  mod_md via OCSP response data

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings

A vulnerability exists in the Realtek rtl819x Jungle SDK affecting the rtl8192cd Wi-Fi kernel driver, which may allow for unauthorized system impact.

BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc

OpenSTAManager version 2

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS

In adbd_tls_verify_cert of auth

A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6

D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor

A vulnerability was detected in D-Link DI-8100 16

Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2

A flaw was found in the AAP gateway

Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level

OpenClaw versions 2026

A vulnerability was identified in D-Link DI-8100 16

A flaw has been found in D-Link DI-8100 16

A vulnerability has been found in D-Link DI-8100 16

A weakness has been identified in Totolink N300RH 3

A security vulnerability has been detected in Totolink N300RH 3

A vulnerability was detected in Totolink N300RH 3

NetBox versions 4

Frappe Framework ERPNext 13

ERPGo SaaS 3

OpenClaw versions 2026

OpenClaw versions from 2026

OpenClaw before 2026

OpenClaw before 2026

PPTAgent is an agentic framework for reflective PowerPoint generation

OpenClaw before 2026

OpenClaw before 2026

OpenClaw before 2026

Evolver is a GEP-powered self-evolving engine for AI agents

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems

IKUS Rdiffweb before 2

In ProFTPD through 1

An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions

Memory corruption when processing camera sensor input/output control codes with invalid output buffers

Memory corruption when another driver calls an IOCTL with invalid input/output buffer

Memory Corruption when copying data from a freed source while executing performance counter deselect operation

OpenClaw before 2026

OpenClaw versions 2026

OpenClaw before 2026

OpenClaw before 2026

An issue was discovered in idrac in OpenStack Ironic before 35

An issue in Assimp v

An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp

An integer underflow in FRRouting (FRR) stable/10

fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions

@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy

An issue was discovered in Nix before 2

fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization

OpenEMR 7

OpenClaw versions 2026

In Eclipse Open9J versions 0

In IMS, there is a possible system crash due to improper input validation

In Modem IMS, there is a possible improper input validation

In Modem IMS, there is a possible improper input validation

In Modem IMS, there is a possible improper input validation

In Modem IMS, there is a possible improper input validation

In nr modem, there is a possible improper input validation

A vulnerability has been found in RTGS2017 NagaAgent up to 5

A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89

A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0

A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8

OpenClaw before 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection

A weakness has been identified in EFM ipTIME C200 up to 1

Detect-It-Easy prior to 3

A security flaw has been discovered in IObit Advanced SystemCare 19