Search Results (339816 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25157 | 2 Apple, Openclaw | 2 Macos, Openclaw | 2026-02-13 | 7.8 High |
| OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescaped path was interpolated directly into an echo statement, allowing arbitrary command execution on the remote SSH host. The parseSSHTarget function did not validate that SSH target strings could not begin with a dash. An attacker-supplied target like -oProxyCommand=... would be interpreted as an SSH configuration flag rather than a hostname, allowing arbitrary command execution on the local machine. This issue has been patched in version 2026.1.29. | ||||
| CVE-2026-24763 | 1 Openclaw | 1 Openclaw | 2026-02-13 | 8.8 High |
| OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29. | ||||
| CVE-2025-59473 | 1 Expressionengine | 1 Expressionengine | 2026-02-13 | 7.2 High |
| SQL Injection vulnerability in the Structure for Admin authenticated user | ||||
| CVE-2024-43468 | 1 Microsoft | 4 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 1 more | 2026-02-13 | 9.8 Critical |
| Microsoft Configuration Manager Remote Code Execution Vulnerability | ||||
| CVE-2026-2276 | 1 Wix | 1 Web Application | 2026-02-13 | N/A |
| Reflected Cross-Site Scripting (XSS) vulnerability in the Wix web application, where the endpoint 'https://manage.wix.com/account/account-settings', responsible for uploading SVG images, does not properly sanitize the content. An authenticated attacker could upload an SVG file containing embedded JavaScript code, which is stored and subsequently executed when other users view the image. Exploiting this vulnerability allows arbitrary code to be executed in the context of the victim's browser, which could lead to the disclosure of sensitive information or the abuse of the affected user's session. | ||||
| CVE-2026-26257 | | | 2026-02-13 | N/A |
| Not used | ||||
| CVE-2026-26256 | | | 2026-02-13 | N/A |
| Not used | ||||
| CVE-2026-26255 | | | 2026-02-13 | N/A |
| Not used | ||||
| CVE-2026-26254 | | | 2026-02-13 | N/A |
| Not used | ||||
| CVE-2026-26253 | | | 2026-02-13 | N/A |
| Not used | ||||
| CVE-2026-26252 | | | 2026-02-13 | N/A |
| Not used | ||||
| CVE-2026-26251 | | | 2026-02-13 | N/A |
| Not used | ||||
| CVE-2026-26250 | | | 2026-02-13 | N/A |
| Not used | ||||
| CVE-2026-26249 | | | 2026-02-13 | N/A |
| Not used | ||||
| CVE-2026-20663 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-02-12 | 3.3 Low |
| The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to enumerate a user's installed apps. | ||||
| CVE-2025-64074 | 1 Shenzhen Zhibotong Electronics | 1 Zbt We2001 | 2026-02-12 | 5.3 Medium |
| A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value. | ||||
| CVE-2026-20625 | 1 Apple | 2 Macos, Visionos | 2026-02-12 | 5.5 Medium |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to access sensitive user data. | ||||
| CVE-2026-20630 | 1 Apple | 1 Macos | 2026-02-12 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data. | ||||
| CVE-2020-0919 | 1 Microsoft | 1 Windows App | 2026-02-12 | 7.8 High |
| An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'. | ||||
| CVE-2026-1458 | 1 Gitlab | 1 Gitlab | 2026-02-12 | 6.5 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by uploading malicious files. | ||||