CVE Daily
← All tags

Tag: Hashicorp Boundary

All CVEs associated with "Hashicorp Boundary". Page 2/6 • 672 CVEs.

Subscribe CVEs: RSS for “Hashicorp Boundary”  ·  RSS (High+Critical only)

About “Hashicorp Boundary”

A curated feed of “Hashicorp Boundary”-related CVEs appears below. We currently track 672 CVEs for this tag (all time). In the last 365 days, 336 were published. Average CVSS is 7.3 (all time; 7.4 over 365d), and 63% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-125 - Out-of-bounds Read, CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer.

In our taxonomy this topic maps to a LOW impact class. Remote access tools expose critical entry points. Patch, enforce MFA, restrict split tunneling, and monitor authentication events. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-04-18
Medium

CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded…

CVSS: 6.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2026-04-17
High

CVE-2026-5710

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to t…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2026-04-16
High

CVE-2026-40318

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id pa…

CVSS: 8.5 CWE: CWE-24 - Path Traversal: '../filedir' View on NVD
High

CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack bu…

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2026-04-15
Medium

CVE-2026-40256

Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses s…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2026-39884

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/…

CVSS: 8.3 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
2026-04-13
Medium

CVE-2026-34864

Boundary-unlimited vulnerability in the application read module. Impact: Successful exploitation of this vulnerability may affect availability.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2026-04-10
High

CVE-2026-40156

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loa…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2026-35669

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted sco…

CVSS: 8.8 CWE: CWE-648 - Incorrect Use of Privileged APIs View on NVD
Medium

CVE-2026-35658

OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts ou…

CVSS: 6.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
Medium

CVE-2026-35601

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT…

CVSS: 4.1 CWE: CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection') View on NVD
Medium

CVE-2026-31412

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()…

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2026-04-09
Critical

CVE-2026-5503

In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared W…

CVSS: 9.1 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2026-40117

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skill_path paramet…

CVSS: 6.2 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2026-39961

Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own nam…

CVSS: 6.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2026-04-08
High

CVE-2026-39859

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, liquidjs 10.25.0 documents root as constraining filenames passed to renderFile() and parseFile(),…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2026-39412

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sort_natural filter bypasses the ownPropertyOnly security option, allowing template authors t…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2026-04-07
Critical

CVE-2026-31789

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a cr…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-contr…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlle…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-…

CVSS: 8.1 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-28386

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher block…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2026-39374

Plane is an an open-source project management tool. Prior to 1.3.0, the IssueBulkUpdateDateEndpoint allows a project member (ADMIN or MEMBER) to modify the start_date and target_date of ANY issue acr…

CVSS: 6.5 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
Medium

CVE-2026-35613

coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSaf…

CVSS: 5.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2026-5733

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2026-5732

Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2026-04-06
Medium

CVE-2026-35454

The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitr…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2026-04-03
High

CVE-2026-23457

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() sip_help_tcp() parses the SIP Content-Length hea…

CVSS: 8.6 CWE: N/A View on NVD
High

CVE-2026-23456

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case In decode_int(), the CONS case calls get_bits(bs, 2) to read…

CVSS: 8.2 CWE: CWE-125 - Out-of-bounds Read View on NVD
2026-04-02
Medium

CVE-2026-34119

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verificati…

CVSS: 6.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2026-34118

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocati…

CVSS: 6.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2026-35038

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability a…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2026-26961

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expre…

CVSS: 3.7 CWE: CWE-436 - Interpretation Conflict View on NVD
High

CVE-2026-32145

Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denial of service via multipart form body parsing. The multipart_body function bypasses configured max_…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2026-04-01
High

CVE-2026-34430

ByteDance DeerFlow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing re…

CVSS: 8.8 CWE: CWE-184 - Incomplete List of Disallowed Inputs View on NVD
High

CVE-2026-23406

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char() macro usage The match_char() macro evaluates its character parameter multiple times…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
2026-03-31
High

CVE-2026-32726

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The e…

CVSS: 8.1 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2026-34359

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer() uses String.startsWith() to match re…

CVSS: 7.4 CWE: CWE-346 - Origin Validation Error View on NVD
High

CVE-2026-32988

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attac…

CVSS: 7.5 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2026-32977

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step that uses an unanchored container path during the final move operation. An attacker c…

CVSS: 6.3 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
2026-03-30
Medium

CVE-2026-21711

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce t…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
2026-03-29
High

CVE-2026-33573

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries b…

CVSS: 8.8 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2026-32915

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their…

CVSS: 8.8 CWE: CWE-863 - Incorrect Authorization View on NVD
2026-03-28
Critical

CVE-2017-20229

MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2017-20225

TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers ca…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2026-03-26
High

CVE-2026-33622

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.3` through `v0.8.5` allow arbitrary JavaScript execution through `POST /wait` and `POST…

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Low

CVE-2026-33490

H3 is a minimal H(TTP) framework. In versions 2.0.0-0 through 2.0.1-rc.16, the `mount()` method in h3 uses a simple `startsWith()` check to determine whether incoming requests fall under a mounted su…

CVSS: 3.7 CWE: CWE-706 - Use of Incorrectly-Resolved Name or Reference View on NVD
2026-03-25
High

CVE-2026-23383

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing struct bpf_plt contains a u64 target field. Currently…

CVSS: 7.8 CWE: N/A View on NVD
2026-03-24
Medium

CVE-2026-33347

league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostnam…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2026-4719

Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Critical

CVE-2026-4716

Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 9.1 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
High

CVE-2026-4714

Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2026-4713

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Critical

CVE-2026-4710

Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2026-4709

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2026-4708

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2026-4707

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2026-4706

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2026-4699

Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2026-4697

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2026-4695

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2026-4694

Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2026-4693

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2026-4690

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and…

CVSS: 8.6 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Critical

CVE-2026-4689

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and…

CVSS: 10.0 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2026-4687

Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 14…

CVSS: 8.6 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2026-4686

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2026-4685

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Critical

CVE-2026-33309

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to t…

CVSS: 9.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2026-03-23
Medium

CVE-2026-27183

OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The…

CVSS: 5.3 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2026-33650

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations —…

CVSS: 7.6 CWE: CWE-863 - Incorrect Authorization View on NVD
2026-03-21
High

CVE-2026-32055

OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks p…

CVSS: 7.6 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2026-03-20
High

CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsip_multipart_parse(). After boundary string match…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2026-03-19
Medium

CVE-2026-33393

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the `allowed_spam_host_domains` check used `String#end_with?` without domain boundary val…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2026-32037

OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence atta…

CVSS: 6.0 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
Medium

CVE-2026-32033

OpenClaw versions prior to 2026.2.24 contain a path traversal vulnerability where @-prefixed absolute paths bypass workspace-only file-system boundary validation due to canonicalization mismatch. Att…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2026-32024

OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attac…

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2026-32747

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API eads source files using filepath.Abs() with no workspace boundary check, relying solely on util…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Low

CVE-2026-31991

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers…

CVSS: 3.7 CWE: CWE-863 - Incorrect Authorization View on NVD
2026-03-18
Medium

CVE-2026-22180

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient…

CVSS: 5.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2026-29057

Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend,…

CVSS: 6.5 CWE: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') View on NVD
2026-03-17
High

CVE-2026-4295

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted pro…

CVSS: 7.8 CWE: CWE-829 - Inclusion of Functionality from Untrusted Control Sphere View on NVD
2026-03-13
Medium

CVE-2026-2673

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword.…

CVSS: 6.5 CWE: CWE-757 - Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') View on NVD
Medium

CVE-2026-29775

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary…

CVSS: 5.3 CWE: CWE-787 - Out-of-bounds Write View on NVD
2026-03-12
High

CVE-2026-27940

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Us…

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2026-24125

Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths (relativePath, newRelativePath) via GraphQ…

CVSS: 6.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2026-03-11
Medium

CVE-2026-31988

yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop con…

CVSS: 5.3 CWE: CWE-193 - Off-by-one Error View on NVD
Medium

CVE-2026-31960

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitatio…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2026-31959

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple…

CVSS: 5.3 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
Medium

CVE-2026-32061

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attac…

CVSS: 4.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2026-03-10
Critical

CVE-2026-27825

MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, the `confluence_download_attachment` MCP tool accepts a `download_path` p…

CVSS: 9.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2026-03-07
Low

CVE-2026-30848

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnera…

CVSS: 3.7 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2026-02-27
Medium

CVE-2026-28418

Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malf…

CVSS: 4.4 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2026-02-26
High

CVE-2026-27967

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `edit_file`). It allows reading and writing files **outside the project directory…

CVSS: 7.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2026-27821

GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/filters/dmx_nhml.c`. The value of the xmlHeaderEn…

CVSS: 7.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2026-02-25
Critical

CVE-2026-27495

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in…

CVSS: 9.9 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2026-02-24
Critical

CVE-2026-27586

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in `ClientAuthentication.provision()` cause mTLS client certificate authentication to si…

CVSS: 9.1 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
High

CVE-2026-2801

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Critical

CVE-2026-2788

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2026-2779

Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2026-2778

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunder…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2026-2776

Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 14…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2026-2773

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2026-2760

Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thun…

CVSS: 10.0 CWE: CWE-1384 - Improper Handling of Physical or Environmental Conditions View on NVD
Critical

CVE-2026-2759

Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVSS: 9.8 CWE: CWE-1384 - Improper Handling of Physical or Environmental Conditions View on NVD
Critical

CVE-2026-2757

Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVSS: 9.8 CWE: CWE-1384 - Improper Handling of Physical or Environmental Conditions View on NVD
Medium

CVE-2026-26284

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huf…

CVSS: 6.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2026-25989

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-on…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2026-3044

A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2026-02-22
Medium

CVE-2026-2930

A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of t…

CVSS: 6.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2026-02-20
Medium

CVE-2026-27111

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates t…

CVSS: 5.0 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2026-24891

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearm…

CVSS: 7.5 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2026-02-17
Medium

CVE-2026-25903

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. Th…

CVSS: 6.6 CWE: CWE-862 - Missing Authorization View on NVD
2026-02-15
High

CVE-2025-32062

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-suppl…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-32061

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-suppl…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-32059

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-suppl…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2026-02-14
Unknown

CVE-2026-23177

In the Linux kernel, the following vulnerability has been resolved: mm, shmem: prevent infinite loop on truncate race When truncating a large swap entry, shmem_free_swap() returns 0 when the entry'…

CVSS: N/A CWE: N/A View on NVD
High

CVE-2025-71201

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix early read unlock of page with EOF in middle The read result collection for buffered reads seems to run ahead of the c…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2026-02-12
Critical

CVE-2026-26011

navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing…

CVSS: 9.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD