core-jmp core-jmpdeath of core jump
Home/CVE Pulse

CVE Pulse

0x04 // Actively Exploited

source: CISA KEV →

0x03 // Latest CVEs

source: NVD · NIST →
Severity CVE CVSS EPSS Description Published
MEDIUM CVE-2026-16130 4.4 A vulnerability was identified in nearai ironclaw up to 0.29.1. The affected element is the function validate_path of th… Jul 18, 2026 MEDIUM CVE-2026-16129 5.3 A vulnerability has been found in princezuda SafestClaw up to 4.2.4. This vulnerability affects the function ShellAction… Jul 18, 2026 HIGH CVE-2026-16128 7.3 A security flaw has been discovered in zevorn rt-claw up to 0.2.0. This impacts the function receiver_thread of the file… Jul 18, 2026 HIGH CVE-2026-16127 7.3 A vulnerability was identified in zevorn rt-claw up to 0.2.0. This affects the function claw_net_get/claw_net_post of th… Jul 18, 2026 HIGH CVE-2026-16126 7.3 A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handle_rpc_request of… Jul 18, 2026 HIGH CVE-2026-16125 7.3 A vulnerability was found in zevorn rt-claw up to 0.2.0. The affected element is the function claw_net_get/claw_net_post… Jul 18, 2026 MEDIUM CVE-2026-16124 6.3 A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.15.0-beta.32. This affects the function Ch… Jul 18, 2026 MEDIUM CVE-2026-16123 6.3 A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvo… Jul 18, 2026 MEDIUM CVE-2026-16122 4.3 A security flaw has been discovered in nextlevelbuilder GoClaw up to 3.13.2. Affected by this vulnerability is the funct… Jul 18, 2026 MEDIUM CVE-2026-16121 6.3 A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.2. Affected is the function isSafeBin of the file i… Jul 18, 2026 HIGH CVE-2026-9323 8.1 The urwid web display backend (urwid/display/web.py) generates web session identifiers (urwid_id) in Screen.start() by c… Jul 18, 2026 MEDIUM CVE-2026-16120 6.3 A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlis… Jul 18, 2026 MEDIUM CVE-2026-16119 6.3 A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file… Jul 18, 2026 CRITICAL CVE-2026-16117 10.0 Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix when the prefix segme… Jul 18, 2026 HIGH CVE-2026-11826 8.8 OpenPLC_v3 contains a heap-based buffer overflow in the getData() function in webserver/core/modbus_master.cpp. getData(… Jul 18, 2026 N/A CVE-2025-71398 SurrealDB before 2.2.2 fails to validate HTTP redirects in http functions, allowing authenticated users to bypass deny-n… Jul 18, 2026 N/A CVE-2025-71397 SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users with OWNER or EDITOR permi… Jul 18, 2026 N/A CVE-2025-71396 SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 does not enforce a default execution-time limit on em… Jul 18, 2026 N/A CVE-2025-71395 SurrealDB versions before 2.2.2 contain a memory exhaustion vulnerability in the string::replace function that fails to… Jul 18, 2026 N/A CVE-2025-71394 SurrealDB versions before 2.2.2 contain a local file read vulnerability in the DEFINE ANALYZER statement that allows aut… Jul 18, 2026 N/A CVE-2025-71393 SurrealDB before 2.2.2 with scripting enabled fails to properly enforce recursion limits when native functions contain e… Jul 18, 2026 N/A CVE-2025-71392 SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 fails to properly escape table and field names in the… Jul 18, 2026 N/A CVE-2025-71391 SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated… Jul 18, 2026 N/A CVE-2025-71390 SurrealDB before 2.2.6, 2.3.6, and 2.1.8 (and 3.0.0-alpha.7 and earlier) fails to validate DNS-resolved hostnames agains… Jul 18, 2026 MEDIUM CVE-2024-58370 6.5 SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements includin… Jul 18, 2026 MEDIUM CVE-2024-58369 6.5 SurrealDB versions before 1.1.1 fail to properly validate invocation of custom parameters and functions at root or names… Jul 18, 2026 HIGH CVE-2024-58368 7.5 SurrealDB versions before 1.1.0 fail to properly parse the ID, DB, and NS headers in HTTP REST API requests containing s… Jul 18, 2026 N/A CVE-2024-58367 SurrealDB versions before 2.0.4 fail to properly enforce field permissions during SELECT, UPDATE, and DELETE operations,… Jul 18, 2026 HIGH CVE-2024-58366 8.5 SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception::throw_type function when script… Jul 18, 2026 MEDIUM CVE-2024-58365 6.5 SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls… Jul 18, 2026 MEDIUM CVE-2024-58364 6.5 SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span rendering when parsing quer… Jul 18, 2026 MEDIUM CVE-2024-58363 6.3 SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clau… Jul 18, 2026 HIGH CVE-2024-58362 8.8 SurrealDB before 1.5.5 (and 2.0.0-beta before 2.0.0-beta.3) accepts an arbitrary object in the signin and signup operati… Jul 18, 2026 MEDIUM CVE-2024-58361 6.5 SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code… Jul 18, 2026 MEDIUM CVE-2024-58359 6.5 SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY r… Jul 18, 2026 MEDIUM CVE-2024-58358 4.9 SurrealDB versions before 2.1.0 contain a denial of service vulnerability in role conversion that allows privileged owne… Jul 18, 2026 MEDIUM CVE-2024-58357 6.5 SurrealDB versions before 2.1.0 contain an uncaught exception vulnerability in the rand::time() function that panics whe… Jul 18, 2026 N/A CVE-2024-58356 SurrealDB before 2.1.4 silently fails to overwrite table definitions when the DEFINE TABLE ... OVERWRITE clause is used… Jul 18, 2026 HIGH CVE-2023-54366 8.8 SurrealDB before 1.0.1 sets default table permissions to FULL instead of NONE, allowing SELECT, CREATE, UPDATE, and DELE… Jul 18, 2026 HIGH CVE-2026-9147 7.8 uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runti… Jul 18, 2026 N/A CVE-2026-59173 Uncontrolled Resource Consumption vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from… Jul 18, 2026 HIGH CVE-2026-16158 8.7 Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by conca… Jul 18, 2026 HIGH CVE-2026-15631 8.7 Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket desti… Jul 18, 2026 HIGH CVE-2026-16097 8.8 A vulnerability was found in Shibby Tomato 1.28. This vulnerability affects the function sub_42537C of the component Sch… Jul 18, 2026 HIGH CVE-2026-16096 8.8 A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. This affects the function sub_40BB50 of th… Jul 18, 2026 HIGH CVE-2026-16095 8.8 A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is the function setup_conntr… Jul 18, 2026 MEDIUM CVE-2026-16088 4.7 A vulnerability was detected in halo-dev halo up to 2.24.2. Affected by this vulnerability is the function Download of t… Jul 18, 2026 MEDIUM CVE-2026-16085 5.3 <1% A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. Affected is the function NewContextBuilder of… Jul 18, 2026 HIGH CVE-2026-47871 8.8 <1% VMware Avi Load Balancer contains a directory traversal vulnerability. Flaws in file path validation allow malicious, au… Jul 18, 2026 HIGH CVE-2026-47870 7.1 <1% VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious authenticated user with network acce… Jul 18, 2026 HIGH CVE-2026-47869 8.7 <1% VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious authenticated user with network acc… Jul 18, 2026 HIGH CVE-2026-47868 7.8 <1% VMware Avi Load Balancer contains a local privilege escalation vulnerability. A malicious user with local access may be… Jul 18, 2026 HIGH CVE-2026-47867 8.7 <1% VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious user with network access may be abl… Jul 18, 2026 HIGH CVE-2026-47866 8.3 <1% VMware Avi Load Balancer contains an authorization bypass vulnerability. A malicious actor on the network can access a l… Jul 18, 2026 CRITICAL CVE-2026-47865 9.8 <1% VMware Avi Load Balancer contains an authentication bypass vulnerability. A malicious user with network access may be ab… Jul 18, 2026 HIGH CVE-2026-16084 7.3 <1% A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function web_fetch of the file pkg/tools… Jul 18, 2026 MEDIUM CVE-2026-16083 5.3 <1% A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of th… Jul 18, 2026 MEDIUM CVE-2026-16082 5.3 <1% A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun… Jul 18, 2026 MEDIUM CVE-2026-16081 4.3 <1% A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file w… Jul 18, 2026 MEDIUM CVE-2026-16077 5.3 <1% A vulnerability was found in AstrBotDevs AstrBot up to 4.25.5. Impacted is the function _normalize_rw_path of the file a… Jul 18, 2026 MEDIUM CVE-2026-16076 6.3 <1% A vulnerability has been found in AstrBotDevs AstrBot up to 4.25.5. This issue affects the function OpenApiRoute.chat_se… Jul 18, 2026 MEDIUM CVE-2026-9734 4.3 <1% The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a… Jul 18, 2026 MEDIUM CVE-2026-16075 4.3 <1% A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.get_chat… Jul 18, 2026 MEDIUM CVE-2026-57980 5.4 <1% Authentication bypass using an alternate path or channel in Microsoft Edge (Chromium-based) allows an unauthorized attac… Jul 17, 2026 HIGH CVE-2026-56741 7.5 <1% JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote… Jul 17, 2026 HIGH CVE-2026-56740 7.5 <1% JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote… Jul 17, 2026 HIGH CVE-2026-56171 7.1 <1% Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disc… Jul 17, 2026 LOW CVE-2026-54335 3.7 <1% Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In 5.0.44 and… Jul 17, 2026 HIGH CVE-2026-49485 7.5 <1% HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.9… Jul 17, 2026 MEDIUM CVE-2026-48049 5.3 <1% @hapi/inert provides static file and directory handlers for hapi.js. From 4.0.0 to 7.1.0, @hapi/inert serves static file… Jul 17, 2026 MEDIUM CVE-2026-48022 6.5 <1% @hapi/wreck is an HTTP client utility. Prior to 18.1.2, Wreck strips credential headers including Authorization, Cookie,… Jul 17, 2026 N/A CVE-2026-44979 <1% @hapi/wreck is an HTTP client utility. Prior to 18.1.1, when @hapi/wreck follows a 3xx redirect to a different hostname,… Jul 17, 2026 CRITICAL CVE-2026-55518 9.6 <1% Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and 4.0.0.beta.51, Avo's association a… Jul 17, 2026 HIGH CVE-2026-54498 8.7 <1% view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4… Jul 17, 2026 MEDIUM CVE-2026-54497 6.8 <1% view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4… Jul 17, 2026 N/A CVE-2026-54490 <1% websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.7.5, if this library is used with the pe… Jul 17, 2026 N/A CVE-2026-54466 <1% websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.7.5, the frame format in draft versions… Jul 17, 2026 LOW CVE-2026-54244 3.5 <1% Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.74.0 and 6.20.3, the Live Preview endp… Jul 17, 2026 MEDIUM CVE-2026-54243 6.1 <1% Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.24 and 6.20.1, form submission valu… Jul 17, 2026 MEDIUM CVE-2026-54242 4.9 <1% Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.24 and 6.20.1, the Glide image prox… Jul 17, 2026 MEDIUM CVE-2026-54163 4.7 <1% secure_headers manages application of security headers with many safe defaults. Prior to 7.3.0, secure_headers builds th… Jul 17, 2026 CRITICAL CVE-2026-54159 10.0 <1% PrestaShop ps_facetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the ps_facetedsear… Jul 17, 2026 N/A CVE-2026-53727 <1% css_parser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parser#read_remote_file in lib/css_parser/parser.rb,… Jul 17, 2026 N/A CVE-2026-52584 <1% Buffer Overflow vulnerability in libjxl v.0.11.2 and before allows a local attacker to obtain sensitive information via… Jul 17, 2026 N/A CVE-2026-52348 <1% cool-admin-java 8.0.0 has a SQL injection vulnerability in the order() method of CrudOption.java. Jul 17, 2026 N/A CVE-2026-52203 <1% An issue in MCMS v.6.1.1 allows a remote attacker to obtain sensitive information via the source parameter. Jul 17, 2026 HIGH CVE-2026-50274 7.5 <1% Datadog dd-trace-go is a Go client library for Datadog application performance monitoring, profiling, and security monit… Jul 17, 2026 HIGH CVE-2026-50272 7.5 <1% dd-trace is the Datadog APM client for Node.js. Prior to 5.100.0, W3C baggage propagation in packages/dd-trace/src/bagga… Jul 17, 2026 HIGH CVE-2026-50271 7.5 <1% Datadog dd-trace-py is the Datadog Python APM client. Prior to 4.8.2, Datadog tracing libraries that implement W3C bagga… Jul 17, 2026 MEDIUM CVE-2026-49977 4.3 <1% tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.33.0, tarteaucitron.cookie.purge() is called on… Jul 17, 2026 CRITICAL CVE-2026-48062 9.8 <1% CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3, the ext_in upload validation rule in system/Validation/St… Jul 17, 2026 MEDIUM CVE-2026-45785 6.2 <1% OpenMcdf is a fully .NET / C# library to manipulate Compound File Binary File Format files, also known as Structured Sto… Jul 17, 2026 N/A CVE-2026-45784 <1% rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.50 until 0.10.80, CipherCtxRef::ciph… Jul 17, 2026 HIGH CVE-2026-44891 7.5 <1% Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2… Jul 17, 2026 MEDIUM CVE-2026-16074 6.3 <1% A vulnerability was detected in AstrBotDevs AstrBot up to 4.25.2. This affects the function update_plugin/update_all_plu… Jul 17, 2026 CRITICAL CVE-2026-13446 9.8 <1% IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it… Jul 17, 2026 HIGH CVE-2026-13445 8.1 <1% IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read an… Jul 17, 2026 MEDIUM CVE-2026-8861 5.3 <1% IBM Security Verify could allow a remote attacker to obtain sensitive information when a detailed technical error messag… Jul 17, 2026 CRITICAL CVE-2026-8859 9.9 <1% IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations… Jul 17, 2026 CRITICAL CVE-2026-8635 9.9 <1% IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipul… Jul 17, 2026