8.3

CVSS4.0

CVE-2025-14213 - Cato's Socket WebUI is vulnerable to OS Command Injection

Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket’s internal system.

📅 Published: March 31, 2026, 11:35 a.m. 🔄 Last Modified: April 1, 2026, 2:24 p.m.

8.1

CVSS3.1

CVE-2024-14031 - Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Z…

Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Encoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard p…

📅 Published: March 31, 2026, 11:31 a.m. 🔄 Last Modified: April 14, 2026, 4:42 p.m.

8.1

CVSS3.1

CVE-2024-14030 - Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Z…

Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Decoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard p…

📅 Published: March 31, 2026, 11:31 a.m. 🔄 Last Modified: April 14, 2026, 4:42 p.m.

7.2

CVSS3.1

CVE-2026-4267 - Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$_SERVER['REQUEST_URI']’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possibl…

📅 Published: March 31, 2026, 11:29 a.m. 🔄 Last Modified: April 24, 2026, 6:11 p.m.

5.4

CVSS3.1

CVE-2026-3191 - Minify HTML <= 2.1.12 - Cross-Site Request Forgery to Plugin Settings Update

The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minify_html_menu_options' function. This makes it possible for unauthenticated attackers to update plugin setti…

📅 Published: March 31, 2026, 11:18 a.m. 🔄 Last Modified: April 24, 2026, 6:11 p.m.

4.3

CVSS3.1

CVE-2026-3139 - User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.…

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppb_save_avatar_value() function due to missing validation on a user controlled key…

📅 Published: March 31, 2026, 11:18 a.m. 🔄 Last Modified: April 24, 2026, 6:11 p.m.

0.0

CVE-2026-34509 - OpenClaw < 2026.3.8 - Sender Allowlist Bypass in Microsoft Teams Plugin via Route Allowlist Configu…

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📅 Published: March 31, 2026, 11:17 a.m. 🔄 Last Modified: April 1, 2026, 2:16 p.m.

0.0

CVE-2026-34508 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📅 Published: March 31, 2026, 11:17 a.m. 🔄 Last Modified: April 1, 2026, 2:16 p.m.

2.3

CVSS4.0

CVE-2026-34506 - OpenClaw < 2026.3.8 - Sender Allowlist Bypass in Microsoft Teams Plugin via Route Allowlist Configu…

OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty groupAllowFrom parameter, the message handler synthesizes…

📅 Published: March 31, 2026, 11:17 a.m. 🔄 Last Modified: April 1, 2026, 7:27 p.m.

6.9

CVSS4.0

CVE-2026-34505 - OpenClaw < 2026.3.12 - Webhook Rate Limiting Bypass via Pre-Authentication Secret Validation

OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets without triggering rate limit responses, enabling system…

📅 Published: March 31, 2026, 11:17 a.m. 🔄 Last Modified: April 2, 2026, 12:22 p.m.
Total results: 349182