CVE.report search for "CVE-2026-34604"
Listed below are 50 relevant search results for "CVE-2026-34604" based on Vendor, Software, and CVE description
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-40217 | LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_c... | ||
| CVE-2026-40199 | Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ip... | ||
| CVE-2026-40198 | Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6(... | ||
| CVE-2026-40037 | OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allow... | ||
| CVE-2026-40036 | Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attac... | ||
| CVE-2026-39883 | Opentelemetry | Opentelemetry | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Dar... |
| CVE-2026-39370 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacke... | ||
| CVE-2026-39323 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39326. Reason: This candidate is a dupli... | ||
| CVE-2026-39317 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39334. Reason: This candidate is a dupli... | ||
| CVE-2026-35670 | OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to uni... | ||
| CVE-2026-35669 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that inco... | ||
| CVE-2026-35668 | OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read ar... | ||
| CVE-2026-35667 | OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killPr... | ||
| CVE-2026-35666 | OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/ti... | ||
| CVE-2026-35665 | OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodi... | ||
| CVE-2026-35664 | OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recip... | ||
| CVE-2026-35663 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader ... | ||
| CVE-2026-35662 | OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message c... | ||
| CVE-2026-35661 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows atta... | ||
| CVE-2026-35660 | OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that all... | ||
| CVE-2026-35659 | OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influen... | ||
| CVE-2026-35658 | OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.w... | ||
| CVE-2026-35657 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that... | ||
| CVE-2026-35656 | OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trust... | ||
| CVE-2026-35655 | OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting to... | ||
| CVE-2026-35654 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unau... | ||
| CVE-2026-35653 | OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows a... | ||
| CVE-2026-35652 | OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-all... | ||
| CVE-2026-35651 | OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts tha... | ||
| CVE-2026-35650 | OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass th... | ||
| CVE-2026-35649 | OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all ... | ||
| CVE-2026-35648 | OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against curren... | ||
| CVE-2026-35647 | OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and rep... | ||
| CVE-2026-35646 | OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allo... | ||
| CVE-2026-35645 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession... | ||
| CVE-2026-35644 | OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to ... | ||
| CVE-2026-35643 | OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbi... | ||
| CVE-2026-35642 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMentio... | ||
| CVE-2026-35641 | OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allow... | ||
| CVE-2026-35640 | OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers... | ||
| CVE-2026-35639 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an oper... | ||
| CVE-2026-35638 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated session... | ||
| CVE-2026-35637 | OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work a... | ||
| CVE-2026-35636 | OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves ... | ||
| CVE-2026-35635 | OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows ... | ||
| CVE-2026-35634 | OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest(... | ||
| CVE-2026-35633 | OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allo... | ||
| CVE-2026-35632 | OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs... | ||
| CVE-2026-35631 | OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized... | ||
| CVE-2026-35629 | OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to pr... | ||