CVE.report search for "CVE-2026-46140"
Listed below are 50 relevant search results for "CVE-2026-46140" based on Vendor, Software, and CVE description
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-48843 | Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) saniti... | ||
| CVE-2026-48696 | Pavel-odintsov | Fastnetmon | FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-... |
| CVE-2026-48172 | Litespeedtech | Litespeed Cpanel Plugin | LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May... |
| CVE-2026-48027 | Nx | Nx Console | Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at... |
| CVE-2026-47323 | Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy ... | ||
| CVE-2026-46740 | Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were n... | ||
| CVE-2026-46728 | Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a h... | ||
| CVE-2026-46113 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpe... | ||
| CVE-2026-45913 | In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: always update mdb_n_entries for vlan... | ||
| CVE-2026-45370 | python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py pas... | ||
| CVE-2026-45321 | Tanstack | Tanstack/arktype-adapter | On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published... |
| CVE-2026-45318 | Openwebui | Open Webui | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his adviso... |
| CVE-2026-45207 | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected ... | ||
| CVE-2026-45206 | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected ... | ||
| CVE-2026-45191 | Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, whic... | ||
| CVE-2026-45190 | Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ... | ||
| CVE-2026-45109 | Vercel | Next.js | Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found... |
| CVE-2026-45006 | OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.pat... | ||
| CVE-2026-45005 | OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain ... | ||
| CVE-2026-45004 | OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads ... | ||
| CVE-2026-45003 | OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and... | ||
| CVE-2026-45002 | OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allo... | ||
| CVE-2026-45001 | OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply end... | ||
| CVE-2026-45000 | OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips str... | ||
| CVE-2026-44999 | OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-tr... | ||
| CVE-2026-44998 | OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent config... | ||
| CVE-2026-44997 | OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn... | ||
| CVE-2026-44996 | OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fail... | ||
| CVE-2026-44995 | OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuratio... | ||
| CVE-2026-44994 | OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that al... | ||
| CVE-2026-44993 | OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies ... | ||
| CVE-2026-44992 | OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv... | ||
| CVE-2026-44991 | OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to ... | ||
| CVE-2026-44987 | SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions c... | ||
| CVE-2026-44888 | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endp... | ||
| CVE-2026-44887 | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configurati... | ||
| CVE-2026-44886 | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web applica... | ||
| CVE-2026-44742 | Postorius Project | Postorius | Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploi... |
| CVE-2026-44664 | fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML ... | ||
| CVE-2026-44603 | Torproject | Tor | Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007. |
| CVE-2026-44602 | Torproject | Tor | Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. |
| CVE-2026-44601 | Torproject | Tor | Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a c... |
| CVE-2026-44600 | Torproject | Tor | Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010... |
| CVE-2026-44599 | Torproject | Tor | Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008. |
| CVE-2026-44597 | Torproject | Tor | Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka ... |
| CVE-2026-44589 | Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl() denylist introduced in [email protected] t... | ||
| CVE-2026-44547 | ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The harde... | ||
| CVE-2026-44497 | Zfnd | Zebra-script | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fi... |
| CVE-2026-44478 | hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthen... | ||
| CVE-2026-44418 | EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput() function's default case in Eccle... | ||