CVE.report search for "CVE-2026-33506"
Listed below are 50 relevant search results for "CVE-2026-33506" based on Vendor, Software, and CVE description.
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-34510 | | | OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs... |
| CVE-2026-34506 | Openclaw | Openclaw | OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthori... |
| CVE-2026-34505 | Openclaw | Openclaw | OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass ra... |
| CVE-2026-34504 | Openclaw | Openclaw | OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.... |
| CVE-2026-34503 | Openclaw | Openclaw | OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attac... |
| CVE-2026-34205 | | | Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (former... |
| CVE-2026-34204 | | | MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFr... |
| CVE-2026-33994 | Locutus | Locutus | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and ... |
| CVE-2026-33895 | | | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0... |
| CVE-2026-33664 | Kestra | Kestra | Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YA... |
| CVE-2026-33634 | Aquasec | Setup-trivy | Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.6... |
| CVE-2026-33581 | Openclaw | Openclaw | OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary... |
| CVE-2026-33580 | Openclaw | Openclaw | OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that al... |
| CVE-2026-33579 | Openclaw | Openclaw | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forwa... |
| CVE-2026-33578 | Openclaw | Openclaw | OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where rout... |
| CVE-2026-33577 | Openclaw | Openclaw | OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allo... |
| CVE-2026-33576 | Openclaw | Openclaw | OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unaut... |
| CVE-2026-33575 | Openclaw | Openclaw | OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair end... |
| CVE-2026-33574 | Openclaw | Openclaw | OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools ro... |
| CVE-2026-33573 | Openclaw | Openclaw | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated o... |
| CVE-2026-33572 | Openclaw | Openclaw | OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users ... |
| CVE-2026-33415 | | | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before ... |
| CVE-2026-33397 | | | The Angular SSR is a server-side rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2,... |
| CVE-2026-33300 | | | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before ... |
| CVE-2026-33185 | | | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before ... |
| CVE-2026-33074 | | | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before ... |
| CVE-2026-33073 | | | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before ... |
| CVE-2026-33045 | Home-assistant | Home-assistant | Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02... |
| CVE-2026-33044 | Home-assistant | Home-assistant | Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02... |
| CVE-2026-33015 | Linuxfoundation | Everest | EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop (Stop... |
| CVE-2026-33014 | Linuxfoundation | Everest | EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization r... |
| CVE-2026-33009 | Linuxfoundation | Everest | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory co... |
| CVE-2026-32988 | Openclaw | Openclaw | OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file cr... |
| CVE-2026-32987 | Openclaw | Openclaw | OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-... |
| CVE-2026-32982 | Openclaw | Openclaw | OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Tele... |
| CVE-2026-32980 | Openclaw | Openclaw | OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-t... |
| CVE-2026-32979 | Openclaw | Openclaw | OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by ... |
| CVE-2026-32978 | Openclaw | Openclaw | OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file o... |
| CVE-2026-32977 | Openclaw | Openclaw | OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step that uses a... |
| CVE-2026-32976 | Openclaw | Openclaw | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected siblin... |
| CVE-2026-32975 | Openclaw | Openclaw | OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group d... |
| CVE-2026-32974 | Openclaw | Openclaw | OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken ... |
| CVE-2026-32973 | Openclaw | Openclaw | OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normal... |
| CVE-2026-32972 | Openclaw | Openclaw | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.... |
| CVE-2026-32971 | Openclaw | Openclaw | OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extrac... |
| CVE-2026-32970 | Openclaw | Openclaw | OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway... |
| CVE-2026-32951 | | | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before ... |
| CVE-2026-32924 | Openclaw | Openclaw | OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type ... |
| CVE-2026-32923 | Openclaw | Openclaw | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to en... |
| CVE-2026-32922 | Openclaw | Openclaw | OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with opera... |