CVE.report search for "CVE-2026-29185"
Listed below are 50 relevant search results for "CVE-2026-29185" based on Vendor, Software, and CVE description
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-40037 | OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allow... | ||
| CVE-2026-40036 | Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attac... | ||
| CVE-2026-39883 | Opentelemetry | Opentelemetry | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Dar... |
| CVE-2026-39370 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacke... | ||
| CVE-2026-39323 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39326. Reason: This candidate is a dupli... | ||
| CVE-2026-39317 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39334. Reason: This candidate is a dupli... | ||
| CVE-2026-35646 | OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allo... | ||
| CVE-2026-35645 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession... | ||
| CVE-2026-35644 | OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to ... | ||
| CVE-2026-35642 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMentio... | ||
| CVE-2026-35640 | OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers... | ||
| CVE-2026-35639 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an oper... | ||
| CVE-2026-35638 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated session... | ||
| CVE-2026-35637 | OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work a... | ||
| CVE-2026-35636 | OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves ... | ||
| CVE-2026-35635 | OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows ... | ||
| CVE-2026-35634 | OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest(... | ||
| CVE-2026-35633 | OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allo... | ||
| CVE-2026-35632 | OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs... | ||
| CVE-2026-35631 | OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized... | ||
| CVE-2026-35629 | OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to pr... | ||
| CVE-2026-35628 | OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attac... | ||
| CVE-2026-35627 | OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing se... | ||
| CVE-2026-35626 | OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that b... | ||
| CVE-2026-35625 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approv... | ||
| CVE-2026-35624 | OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names i... | ||
| CVE-2026-35623 | OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to b... | ||
| CVE-2026-35622 | OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handl... | ||
| CVE-2026-35618 | OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers t... | ||
| CVE-2026-35617 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies ... | ||
| CVE-2026-35592 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _safe_extractall() function ... | ||
| CVE-2026-35567 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39327. Reason: This candidate is a dupli... | ||
| CVE-2026-35566 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39319. Reason: This candidate is a dupli... | ||
| CVE-2026-35533 | mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control set... | ||
| CVE-2026-35477 | InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NA... | ||
| CVE-2026-35464 | pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTIONS s... | ||
| CVE-2026-35459 | pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, pyLoad has a server-side r... | ||
| CVE-2026-35383 | Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker... | ||
| CVE-2026-35174 | Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administra... | ||
| CVE-2026-35173 | Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post mode... | ||
| CVE-2026-35043 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, t... | ||
| CVE-2026-34947 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before ... | ||
| CVE-2026-34932 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that c... | ||
| CVE-2026-34931 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability th... | ||
| CVE-2026-34848 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability in the... | ||
| CVE-2026-34847 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open ... | ||
| CVE-2026-34841 | Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack invol... | ||
| CVE-2026-34745 | Shaneisrael | Fireshare | Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to t... |
| CVE-2026-34512 | OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that... | ||
| CVE-2026-34511 | OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through ... | ||