CVE.report search for "CVE-2026-41503"

Listed below are 50 relevant search results for "CVE-2026-41503" based on Vendor, Software, and CVE description

These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.

If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.

Search Results

CVE ID Vendor Software Description
CVE-2026-62200OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allow Git ext transport to be ...
CVE-2026-62199OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup variabl...
CVE-2026-62198OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lo...
CVE-2026-62197OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs....
CVE-2026-62196OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisf...
CVE-2026-62195OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that al...
CVE-2026-62194OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allo...
CVE-2026-62193OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install...
CVE-2026-62192OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows...
CVE-2026-62191OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that al...
CVE-2026-62190OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust ...
CVE-2026-62189OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trus...
CVE-2026-62188OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu ...
CVE-2026-62187OpenClaw Feishu tools (npm package @openclaw/feishu) in versions <= 2026.6.6 could ignore per-account disablement. A lower-tr...
CVE-2026-62186OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides tha...
CVE-2026-61692Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61454. Reason: This candidate is a dupli...
CVE-2026-61492JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible
CVE-2026-60104Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-request body belongs to the au...
CVE-2026-59828DiscourseDiscourseDiscourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that sho...
CVE-2026-59805Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticat...
CVE-2026-598009Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-instal...
CVE-2026-59796JetbrainsTeamcityIn JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks
CVE-2026-59795JetbrainsTeamcityIn JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible
CVE-2026-59794JetbrainsTeamcityIn JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data
CVE-2026-59793JetbrainsTeamcityIn JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration
CVE-2026-59792JetbrainsIntellij IdeaIn JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was po...
CVE-2026-59791JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible
CVE-2026-59721Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/i...
CVE-2026-59720Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts doe...
CVE-2026-59261OpenclawOpenclawOpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider cre...
CVE-2026-58465Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler w...
CVE-2026-58448yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated use...
CVE-2026-58374W1.fiHostapdIn hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association requ...
CVE-2026-57950ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control vulnerability in ErpSaleOrderControll...
CVE-2026-57949ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GE...
CVE-2026-57926JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
CVE-2026-57925JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
CVE-2026-57924JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
CVE-2026-57923JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project...
CVE-2026-57922JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
CVE-2026-57921JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templat...
CVE-2026-57920PeplinkIntcontrol 2Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /re...
CVE-2026-57913Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts...
CVE-2026-57575Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery...
CVE-2026-57574Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based...
CVE-2026-57522BitwardenServerBitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens(), whi...
CVE-2026-57521BitwardenServerBitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access ...
CVE-2026-57520BitwardenServerBitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with Ma...
CVE-2026-57476Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional p...
CVE-2026-57475Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a rem...
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report