CVEs classified under CWE-636, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2026-22034 — CVSS 9.8 (critical): Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system…
CVE-2024-3729 — CVSS 9.8 (critical): The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt'…
CVE-2026-40525 — CVSS 9.1 (critical): OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the…
CVE-2025-54870: VTun-ng is a Virtual Tunnel over TCP/IP network. In versions 3.0.17 and below, failure to initialize encryption modules might cause…
CVE-2026-54762 — CVSS 8.6 (high): Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's…
CVE-2023-4030 — CVSS 8.4 (high): A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover…
CVE-2026-54291: pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently…
CVE-2026-35205 — CVSS 7.8 (high): Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when…
CVE-2026-42423 — CVSS 7.5 (high): OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on…
CVE-2024-8185 — CVSS 7.5 (high): Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a…
CVE-2026-41334 — CVSS 6.5 (medium): OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards…
CVE-2024-2660 — CVSS 6.4 (medium): Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were…
CVE-2021-3614 — CVSS 6.4 (medium): A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under…
CVE-2026-53852 — CVSS 5.4 (medium): OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to…
CVE-2026-40249 — CVSS 5.3 (medium): free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for…
CVE-2026-27448 — CVSS 5.3 (medium): pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided…
CVE-2025-41760 — CVSS 4.9 (medium): An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not…
CVE-2025-41759 — CVSS 4.9 (medium): An administrator may attempt to block all networks by specifying "\*" or "all" as the network identifier. However, these values are not…
CVE-2026-41377 — CVSS 4.6 (medium): OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block…
CVE-2026-53837 — CVSS 3.7 (low): OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type…
CVE-2026-45781 — CVSS 3.5 (low): The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership…
CVE-2026-32970 — CVSS 2.5 (low): OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password…
CVE-2026-49318 — CVSS 2.4 (low): Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an…
CVE-2026-49317 — CVSS 2.4 (low): Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an…