Critical vulnerabilities, curated daily for security professionals
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
Today's Security Brief
Thursday's disclosures center on container infrastructure and browser sandboxing, with Docker Gotenberg, Google Chrome, and OpenClaw Sandbox Browser carrying the highest-impact flaws. Critical CVEs totaled 11 (down 27% from 15) while high-priority CVEs reached 100 (up 9% from 92). Notable entries include CVE-2026-40281 (CVSS 10) in Docker Gotenberg, CVE-2026-7908 (CVSS 9.6) in Google Chrome, and CVE-2026-41930 (CVSS 9.8) in Apache Vvveb. Remote code execution and sandbox-escape patterns dominate, with Apache projects (Vvveb, Wicket, mod) and OpenClaw Sandbox Browser appearing across multiple critical entries. Eight KEV entries cover D-Link, Samsung MagicINFO, SimpleHelp, Palo Alto PAN-OS, ConnectWise ScreenConnect, Microsoft Windows, and the Linux Kernel; patch availability for today's batch is reported at 0%, so defenders should prioritize compensating controls and monitoring.
Docker Gotenberg CVE-2026-40281 leads the day at CVSS 10, alongside multiple OpenClaw Sandbox Browser flaws (CVE-2026-43581, CVE-2026-43575, CVE-2026-44109) at CVSS 9.6-9.8
Critical CVEs at 11, down 27% from 15 the prior day
High-priority CVEs at 100, up 9% from 92 the prior day
Remote code execution and sandbox-escape themes span Apache Vvveb, Apache Wicket, Apache mod, and OpenClaw Sandbox Browser
Patch availability at 0% across today's batch, requiring interim mitigations and monitoring for Docker, Chrome, and Apache deployments
8 KEV entries include Palo Alto PAN-OS, Microsoft Windows, Linux Kernel, SimpleHelp, ConnectWise ScreenConnect, Samsung MagicINFO, and D-Link DIR-823X
Immediate action: Prioritize Docker Gotenberg, Google Chrome, OpenClaw Sandbox Browser, and Apache Vvveb/Wicket/mod deployments for review, and apply compensating controls on KEV-listed Palo Alto PAN-OS, Microsoft Windows, Linux Kernel, SimpleHelp, and ConnectWise ScreenConnect installations. With 0% patch availability across today's critical batch, focus on network segmentation, exposure reduction, and detection coverage until vendor fixes ship.
Featured Vulnerability
Featured, ITW, NoPatch
CVE-2026-0300
9.3
Palo Alto NetworksPAN-OS (PA-Series and VM-Series firewalls)
Unauthenticated RCE in Palo Alto PAN-OS firewalls
A buffer overflow in the User-ID Authentication Portal lets an unauthenticated network attacker execute arbitrary code as root on PA-Series and VM-Series firewalls. Palo Alto Networks confirms limited exploitation in the wild against portals reachable from untrusted IP space.
CISA Known Exploited Vulnerabilities
CISA KEV, URGENT
CVE-2025-29635
9.5
D-LinkDIR-823X
Federal Deadline: May 7, 2026 (1 day remaining)
D-Link DIR-823X Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV, URGENT
CVE-2024-7399
9.5 Late Disclosure
SamsungMagicINFO 9 Server
Federal Deadline: May 7, 2026 (1 day remaining)
Samsung MagicINFO 9 Server Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV, URGENT
CVE-2024-57728
9.5 Late Disclosure
SimpleHelp SimpleHelp
Federal Deadline: May 7, 2026 (1 day remaining)
SimpleHelp Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV, URGENT
CVE-2024-57726
9.5 Late Disclosure
SimpleHelp SimpleHelp
Federal Deadline: May 7, 2026 (1 day remaining)
SimpleHelp Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV, URGENT
CVE-2026-0300
9.5
Palo Alto NetworksPAN-OS
Federal Deadline: May 8, 2026 (2 days remaining)
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV, URGENT
CVE-2024-1708
9.5 Late Disclosure
ConnectWiseScreenConnect
Federal Deadline: May 11, 2026 (5 days remaining)
ConnectWise ScreenConnect Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV, URGENT
CVE-2026-32202
9.5
MicrosoftWindows
Federal Deadline: May 11, 2026 (5 days remaining)
Microsoft Windows Protection Mechanism Failure Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV
CVE-2026-31431
9.5
LinuxKernel
Federal Deadline: May 14, 2026 (8 days remaining)
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
Critical Vulnerabilities
CVE-2026-41930
9.8
ApacheVvveb
Vvveb contains hard-coded credentials in its docker-compose-apache.yaml configuration, allowing unauthenticated remote access to the bundled phpMyAdmin container.
CVSS Base: 9.8
CVE-2026-7908
9.6
GoogleChrome prior
A use-after-free vulnerability in the Google Chrome Fullscreen implementation allows a remote attacker to achieve sandbox escape via a crafted HTML page.
CVSS Base: 9.6
CVE-2026-43581
9.6
OpenClawSandbox Browser
OpenClaw contains an improper network binding configuration that exposes the Chrome DevTools Protocol externally, allowing unauthorized remote access.
CVSS Base: 9.6
CVE-2026-40010
9.1
ApacheWicket
Apache Wicket fails to invoke the changeSessionId method after session binding, exposing the application to session fixation attacks.
CVSS Base: 9.1
CVE-2026-40281
10
DockerGotenberg
Gotenberg contains a command injection vulnerability where unsanitized metadata values allow attackers to manipulate ExifTool arguments, leading to arbitrary file system operations.
CVSS Base: 10
CVE-2026-5081
9.1
Apachemod
The Apache::Session::Generate::ModUniqueId module generates insecure session IDs using predictable environment variables, allowing for potential session hijacking.
CVSS Base: 9.1
CVE-2026-43575
9.8
OpenClawSandbox Browser
OpenClaw contains an authentication bypass in the noVNC helper route, allowing unauthenticated attackers to hijack interactive browser sessions.
CVSS Base: 9.8
CVE-2026-44109
9.8
OpenClawSandbox Browser
OpenClaw contains an authentication bypass in webhook validation that allows unauthenticated attackers to execute arbitrary commands.
CVSS Base: 9.8
CVE-2026-43578
9.1
OpenClawSandbox Browser
OpenClaw contains a privilege escalation vulnerability where heartbeat owner downgrade detection misses async execution completion events.
CVSS Base: 9.1
CVE-2026-41201
9.1
ArchCI4MS
CI4MS contains a stored DOM-based XSS vulnerability in the backup module that can be leveraged for full account takeover.
CVSS Base: 9.1
CVE-2026-40982
9.1
Spring CloudConfig Server
Spring Cloud Config allows directory traversal via specially crafted URLs, enabling unauthorized access to arbitrary files.
CVSS Base: 9.1
High Priority Updates
CVE-2026-7926
8.8
GoogleChrome prior
A Use-After-Free (UAF) vulnerability in the PresentationAPI of Google Chrome allows for potential arbitrary code execution via a specially crafted web page.
CVSS Base: 8.8
CVE-2026-7898
8.8
GoogleChrome on
A Use-After-Free vulnerability in the Chromoting component of Google Chrome for Linux allows for potential arbitrary code execution.
CVSS Base: 8.8
CVE-2026-7901
8.8
GoogleChrome on
A Use-After-Free vulnerability in the ANGLE graphics engine of Google Chrome on Mac allows for potential arbitrary code execution.
CVSS Base: 8.8
CVE-2026-7906
8.8
GoogleChrome prior
A Use-After-Free vulnerability in the SVG implementation of Google Chrome allows for potential arbitrary code execution.
CVSS Base: 8.8
CVE-2026-7907
8.8
GoogleChrome prior
Use after free in DOM in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7921
8.8
GoogleChrome prior
Use after free in Passwords in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7928
8.8
GoogleChrome on
Use after free in WebRTC in Google Chrome on Windows prior to 148
CVSS Base: 8.8
CVE-2026-7938
8.8
GoogleChrome prior
Use after free in CSS in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7940
8.8
GoogleChrome prior
Use after free in V8 in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7974
8.8
GoogleChrome prior
Use after free in Blink in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7980
8.8
GoogleChrome prior
Use after free in WebAudio in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7984
8.8
GoogleChrome prior
Use after free in ReadingMode in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7987
8.8
GoogleChrome prior
Use after free in WebRTC in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7991
8.8
GoogleChrome prior
Use after free in UI in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-8002
8.8
GoogleChrome on
Use after free in Audio in Google Chrome on Mac prior to 148
CVSS Base: 8.8
CVE-2026-8016
8.8
GoogleChrome prior
Use after free in WebRTC in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7900
8.3
GoogleChrome prior
Heap buffer overflow in ANGLE in Google Chrome prior to 148
CVSS Base: 8.3
CVE-2026-7911
8.3
GoogleChrome on
Use after free in Aura in Google Chrome on Windows prior to 148
CVSS Base: 8.3
CVE-2026-7917
8.3
GoogleChrome on
Use after free in Fullscreen in Google Chrome on Windows prior to 148
CVSS Base: 8.3
CVE-2026-7918
8.3
GoogleChrome prior
Use after free in GPU in Google Chrome prior to 148
CVSS Base: 8.3
CVE-2026-7919
8.3
GoogleChrome prior
Use after free in Aura in Google Chrome prior to 148
CVSS Base: 8.3
CVE-2026-7920
8.3
GoogleChrome prior
Use after free in Skia in Google Chrome prior to 148
CVSS Base: 8.3
CVE-2026-7922
8.3
GoogleChrome prior
Use after free in ServiceWorker in Google Chrome prior to 148
CVSS Base: 8.3
CVE-2026-7956
8.3
GoogleChrome prior
Use after free in Navigation in Google Chrome prior to 148
CVSS Base: 8.3
CVE-2026-7970
8.3
GoogleChrome prior
Use after free in TopChrome in Google Chrome prior to 148
CVSS Base: 8.3
CVE-2026-7975
8.3
GoogleChrome prior
Use after free in DevTools in Google Chrome prior to 148
CVSS Base: 8.3
CVE-2026-7985
8.3
GoogleChrome prior
Use after free in GPU in Google Chrome prior to 148
CVSS Base: 8.3
CVE-2026-8001
8.3
GoogleChrome on
Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148
CVSS Base: 8.3
CVE-2026-7925
7.8
GoogleChrome on
Use after free in Chromoting in Google Chrome on Windows prior to 148
CVSS Base: 7.8
CVE-2026-7896
8.8
GoogleChrome prior
Integer overflow in Blink in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7899
8.8
GoogleChrome prior
Out of bounds read and write in V8 in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7902
8.8
GoogleChrome prior
Out of bounds memory access in V8 in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7903
8.8
GoogleChrome on
Integer overflow in ANGLE in Google Chrome on Mac, Windows prior to 148
CVSS Base: 8.8
CVE-2026-7927
8.8
GoogleChrome prior
Type Confusion in Runtime in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7930
8.8
GoogleChrome prior
Insufficient validation of untrusted input in Cookies in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7951
8.8
GoogleChrome prior
Out of bounds write in WebRTC in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7957
8.8
GoogleChrome on
Out of bounds write in Media in Google Chrome on Mac, iOS prior to 148
CVSS Base: 8.8
CVE-2026-7973
8.8
GoogleChrome on
Integer overflow in Dawn in Google Chrome on Windows prior to 148
CVSS Base: 8.8
CVE-2026-7988
8.8
GoogleChrome prior
Type Confusion in WebRTC in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-7992
8.8
GoogleChrome on
Insufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior to 148
CVSS Base: 8.8
CVE-2026-7995
8.8
GoogleChrome prior
Out of bounds read in AdFilter in Google Chrome prior to 148
CVSS Base: 8.8
CVE-2026-8000
8.8
GoogleChrome on
Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148
CVSS Base: 8.8
CVE-2026-41143
8.8
HPat line
YesWiki is a wiki system written in PHP
CVSS Base: 8.8
CVE-2026-7905
8.3
GoogleChrome on
Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148
CVSS Base: 8.3
CVE-2026-7914
8.3
GoogleChrome on
Type Confusion in Accessibility in Google Chrome on Windows prior to 148
CVSS Base: 8.3
CVE-2026-7916
8.3
GoogleChrome prior
Insufficient data validation in InterestGroups in Google Chrome prior to 148
CVSS Base: 8.3
CVE-2026-7923
8.3
GoogleChrome prior
Out of bounds write in Skia in Google Chrome prior to 148
CVSS Base: 8.3
CVE-2026-7963
8.3
GoogleChrome prior
Inappropriate implementation in ServiceWorker in Google Chrome prior to 148
CVSS Base: 8.3
CVE-2026-7967
8.3
GoogleChrome prior
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 148
CVSS Base: 8.3
CVE-2026-7978
8.1
GoogleChrome on
Inappropriate implementation in Companion in Google Chrome on Mac prior to 148
CVSS Base: 8.1
CVE-2026-8018
8.1
GoogleChrome prior
Insufficient policy enforcement in DevTools in Google Chrome prior to 148
CVSS Base: 8.1
CVE-2026-7913
7.8
GoogleChrome on
Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 148
CVSS Base: 7.8
CVE-2026-7990
7.8
GoogleChrome on
Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148
CVSS Base: 7.8
CVE-2026-7994
7.8
GoogleChrome on
Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148
CVSS Base: 7.8
CVE-2026-7997
7.8
GoogleChrome on
Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148
CVSS Base: 7.8
CVE-2026-20034
8.8
CiscoUnity Connection
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device
CVSS Base: 8.8
CVE-2026-43530
8.8
AppleOpenClaw
OpenClaw is affected by a security vulnerability requiring immediate attention to prevent potential exploitation of the software environment.
CVSS Base: 8.8
CVE-2026-6261
8.8
WordPressis vulnerable
The Betheme theme for WordPress is vulnerable to arbitrary file upload, which can allow attackers to execute malicious code on the server.
CVSS Base: 8.8
CVE-2026-6692
8.8
WordPressis vulnerable
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7
CVSS Base: 8.8
CVE-2026-7412
8.6
JavaMultiple Products
In Eclipse BaSyx Java Server SDK versions prior to 2
CVSS Base: 8.6
CVE-2026-7252
8.1
WordPressis vulnerable
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduled_original_file_deletion function in all versions up to, and including, 4
CVSS Base: 8.1
CVE-2026-23479
8.8
Redisis an
Redis is an in-memory data structure store
CVSS Base: 8.8
CVE-2026-25243
8.8
Redisis an
Redis is an in-memory data structure store
CVSS Base: 8.8
CVE-2026-41934
8.8
HPhandler
Vvveb before version 1
CVSS Base: 8.8
CVE-2026-41938
8.8
HPhandler
Vvveb before version 1
CVSS Base: 8.8
CVE-2026-23631
8.1
Redisis an
Redis is an in-memory data structure store
CVSS Base: 8.1
CVE-2026-41936
8.1
HPto inject
Vvveb before version 1
CVSS Base: 8.1
CVE-2026-6691
7.8
SAPC Driver
A heap buffer overflow in the MongoDB C Driver's Cyrus SASL integration allows for potential arbitrary code execution before authentication.
CVSS Base: 7.8
CVE-2026-7841
8.8
GeoVisionGV-ASWeb
A remote code execution vulnerability exists in the Notification Settings of GeoVision GV-ASWeb 6.
CVSS Base: 8.8
CVE-2026-7855
8.8
D-LinkDI
A vulnerability was detected in D-Link DI-8100 16
CVSS Base: 8.8
CVE-2026-31195
8.8
UnknownMultiple Products
The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution
CVSS Base: 8.8
CVE-2026-31196
8.8
AcerMultiple Products
The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution
CVSS Base: 8.8
CVE-2024-30151
8.3 Late Disclosure
UnknownMultiple Products
HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation
CVSS Base: 8.3
CVE-2023-54345
8.8 Late Disclosure
FrameworkMultiple Products
Frappe Framework ERPNext 13
CVSS Base: 8.8
CVE-2023-54348
8.8 Late Disclosure
ERPGoMultiple Products
ERPGo SaaS 3
CVSS Base: 8.8
CVE-2026-42434
8.8
OpenClawMultiple Products
OpenClaw versions 2026
CVSS Base: 8.8
CVE-2026-42435
8.8
versionsMultiple Products
OpenClaw versions from 2026
CVSS Base: 8.8
CVE-2026-43569
8.8
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base: 8.8
CVE-2026-43571
8.8
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base: 8.8
CVE-2025-31951
8.8
HCLBigFix RunBookAI
HCL BigFix RunBookAI is affected by a command smuggling vulnerability due to unvalidated command input.
CVSS Base: 8.8
CVE-2026-42503
8.8
UnknownMultiple Products
gopls by default communicates via pipe
CVSS Base: 8.8
CVE-2026-7875
8.8
outbound attachmentMultiple Products
NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out
CVSS Base: 8.8
CVE-2026-43584
8.8
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base: 8.8
CVE-2026-44110
8.8
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base: 8.8
CVE-2026-44115
8.8
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base: 8.8
CVE-2026-41142
8.8
UnknownMultiple Products
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry
CVSS Base: 8.8
CVE-2026-41139
8.8
UnknownMultiple Products
Math
CVSS Base: 8.8
CVE-2026-43533
8.6
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base: 8.6
CVE-2026-44116
8.6
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base: 8.6
CVE-2026-42439
8.5
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base: 8.5
CVE-2026-43526
8.2
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base: 8.2
CVE-2026-41669
8.2
UnknownMultiple Products
Admidio is an open-source user management solution
CVSS Base: 8.2
CVE-2026-41670
8.2
UnknownMultiple Products
Admidio is an open-source user management solution
CVSS Base: 8.2
CVE-2026-44331
8.1
ProFTPDMultiple Products
In ProFTPD through 1
CVSS Base: 8.1
CVE-2026-43585
8.1
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base: 8.1
CVE-2025-9661
8.1
OneMultiple Products
OS command injection vulnerability in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28