CVE.report search for "CVE-2026-39690"
Listed below are 50 relevant search results for "CVE-2026-39690" based on Vendor, Software, and CVE description
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-53819 | | | OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env file... |
| CVE-2026-53818 | | | OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner ca... |
| CVE-2026-53817 | | | OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with netwo... |
| CVE-2026-53816 | | | OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows pai... |
| CVE-2026-53815 | | | OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist... |
| CVE-2026-53814 | | | OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive o... |
| CVE-2026-53813 | | | OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influ... |
| CVE-2026-53812 | | | OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated u... |
| CVE-2026-53811 | | | OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authentica... |
| CVE-2026-53810 | | | OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect l... |
| CVE-2026-53809 | | | OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provide... |
| CVE-2026-53808 | | | OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent ... |
| CVE-2026-53807 | | | OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authent... |
| CVE-2026-53806 | | | OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec... |
| CVE-2026-50632 | Apache | Cxf | A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CX... |
| CVE-2026-50265 | | | Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292 |
| CVE-2026-50127 | | | Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCS_RESTRICT_PRIVATE did not ... |
| CVE-2026-50085 | | | The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platform's HiveM... |
| CVE-2026-50084 | | | The Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api) would authorize any valid developer token for access to any ... |
| CVE-2026-50083 | | | The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798:... |
| CVE-2026-50082 | | | The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email address supplied by the attacker... |
| CVE-2026-49448 | Goauthentik | Authentik | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be b... |
| CVE-2026-49443 | Goauthentik | Authentik | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the abil... |
| CVE-2026-49433 | | | The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attac... |
| CVE-2026-49386 | Jetbrains | Youtrack | In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Pl... |
| CVE-2026-49385 | Jetbrains | Youtrack | In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts |
| CVE-2026-49383 | Jetbrains | Intellij Idea | In JetBrains IntelliJ IDEA before 2026.1 XXE in the UI Designer form parser was possible |
| CVE-2026-49382 | Jetbrains | Intellij Idea | In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin |
| CVE-2026-49381 | Jetbrains | Teamcity | In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible |
| CVE-2026-49380 | Jetbrains | Teamcity | In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible |
| CVE-2026-49379 | Jetbrains | Teamcity | In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names |
| CVE-2026-49378 | Jetbrains | Teamcity | In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion |
| CVE-2026-49376 | Jetbrains | Teamcity | In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin |
| CVE-2026-49375 | Jetbrains | Teamcity | In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page |
| CVE-2026-49374 | Jetbrains | Teamcity | In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters |
| CVE-2026-49373 | Jetbrains | Teamcity | In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings |
| CVE-2026-49372 | Jetbrains | Teamcity | In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible |
| CVE-2026-49371 | Jetbrains | Teamcity | In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible |
| CVE-2026-49370 | Jetbrains | Youtrack | In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests |
| CVE-2026-49369 | Jetbrains | Youtrack | In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages |
| CVE-2026-49368 | Jetbrains | Youtrack | In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible |
| CVE-2026-49367 | Jetbrains | Intellij Idea | In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account |
| CVE-2026-49366 | Jetbrains | Intellij Idea | In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion |
| CVE-2026-49298 | Apache | Airflow | A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API ... |
| CVE-2026-49267 | Apache | Airflow | Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without... |
| CVE-2026-48843 | | | Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16, and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) saniti... |
| CVE-2026-48696 | Pavel-odintsov | Fastnetmon | FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-... |
| CVE-2026-48304 | Adobe | Experience Manager | Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vu... |
| CVE-2026-48301 | Adobe | Experience Manager | Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vu... |
| CVE-2026-48300 | Adobe | Experience Manager | Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vu... |