CVE.report search for "CVE-2026-40878"
Listed below are 50 relevant search results for "CVE-2026-40878" based on Vendor, Software, and CVE description.
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-45321 | | | On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published... |
| CVE-2026-45191 | | | Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, whic... |
| CVE-2026-45190 | | | Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ... |
| CVE-2026-45006 | | | OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.pat... |
| CVE-2026-45005 | | | OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain ... |
| CVE-2026-45004 | | | OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads ... |
| CVE-2026-45003 | | | OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and... |
| CVE-2026-45002 | | | OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allo... |
| CVE-2026-45001 | | | OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply end... |
| CVE-2026-45000 | | | OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips str... |
| CVE-2026-44999 | | | OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-tr... |
| CVE-2026-44998 | | | OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent config... |
| CVE-2026-44997 | | | OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn... |
| CVE-2026-44996 | | | OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fail... |
| CVE-2026-44995 | | | OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuratio... |
| CVE-2026-44994 | | | OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that al... |
| CVE-2026-44993 | | | OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies ... |
| CVE-2026-44992 | | | OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv... |
| CVE-2026-44991 | | | OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to ... |
| CVE-2026-44987 | | | SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions c... |
| CVE-2026-44742 | | | Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploi... |
| CVE-2026-44603 | Torproject | Tor | Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007. |
| CVE-2026-44602 | Torproject | Tor | Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. |
| CVE-2026-44601 | Torproject | Tor | Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a c... |
| CVE-2026-44600 | Torproject | Tor | Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010... |
| CVE-2026-44599 | Torproject | Tor | Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008. |
| CVE-2026-44597 | Torproject | Tor | Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka ... |
| CVE-2026-44497 | Zfnd | Zebra-script | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fi... |
| CVE-2026-44413 | | | In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access |
| CVE-2026-44365 | | | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-34429. Reason: This candidate is a dupli... |
| CVE-2026-44334 | Praison | Praisonai | PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py a... |
| CVE-2026-44118 | Openclaw | Openclaw | OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. N... |
| CVE-2026-44117 | Openclaw | Openclaw | OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL va... |
| CVE-2026-44116 | Openclaw | Openclaw | OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that f... |
| CVE-2026-44115 | Openclaw | Openclaw | OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted hered... |
| CVE-2026-44114 | Openclaw | Openclaw | OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv f... |
| CVE-2026-44113 | Openclaw | Openclaw | OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows ... |
| CVE-2026-44112 | Openclaw | Openclaw | OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that all... |
| CVE-2026-44111 | Openclaw | Openclaw | OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows ca... |
| CVE-2026-44110 | Openclaw | Openclaw | OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that tr... |
| CVE-2026-44109 | Openclaw | Openclaw | OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that a... |
| CVE-2026-43874 | | | WWBN AVideo is an open source video platform. In versions up to and including 29.0, the server-side mitigation for the YPTSoc... |
| CVE-2026-43585 | Openclaw | Openclaw | OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid aft... |
| CVE-2026-43584 | Openclaw | Openclaw | OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy... |
| CVE-2026-43583 | Openclaw | Openclaw | OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay.... |
| CVE-2026-43582 | Openclaw | Openclaw | OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attac... |
| CVE-2026-43581 | Openclaw | Openclaw | OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Ch... |
| CVE-2026-43580 | Openclaw | Openclaw | OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation w... |
| CVE-2026-43579 | Openclaw | Openclaw | OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allo... |
| CVE-2026-43578 | Openclaw | Openclaw | OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade det... |