CVE.report search for "CVE-2026-6414"
Listed below are 50 relevant search results for "CVE-2026-6414" based on Vendor, Software, and CVE description
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-41389 | OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbit... | ||
| CVE-2026-41331 | OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows... | ||
| CVE-2026-41330 | OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly ... | ||
| CVE-2026-41329 | OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat con... | ||
| CVE-2026-41303 | OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-ap... | ||
| CVE-2026-41302 | OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionali... | ||
| CVE-2026-41301 | OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress pa... | ||
| CVE-2026-41300 | OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboa... | ||
| CVE-2026-41299 | OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only prove... | ||
| CVE-2026-41298 | OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HT... | ||
| CVE-2026-41297 | OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionali... | ||
| CVE-2026-41296 | OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile functi... | ||
| CVE-2026-41295 | OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to ex... | ||
| CVE-2026-41294 | OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing envi... | ||
| CVE-2026-41113 | sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c. | ||
| CVE-2026-40931 | Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies o... | ||
| CVE-2026-40922 | B3log | Siyuan | SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar... |
| CVE-2026-40878 | mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web i... | ||
| CVE-2026-40875 | mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the user dashboar... | ||
| CVE-2026-40874 | mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, no administrator ... | ||
| CVE-2026-40873 | mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the Quarantine de... | ||
| CVE-2026-40872 | mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboa... | ||
| CVE-2026-40871 | mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order S... | ||
| CVE-2026-40706 | In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows ... | ||
| CVE-2026-40492 | SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior ... | ||
| CVE-2026-40261 | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulne... | ||
| CVE-2026-40250 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motio... | ||
| CVE-2026-40244 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motio... | ||
| CVE-2026-40217 | LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_c... | ||
| CVE-2026-40199 | Stigtsp | Net | Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ip... |
| CVE-2026-40198 | Stigtsp | Net | Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6(... |
| CVE-2026-40050 | CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050)... | ||
| CVE-2026-40045 | OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over... | ||
| CVE-2026-40037 | Openclaw | Openclaw | OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allow... |
| CVE-2026-40036 | Ryandfir | Unfurl | Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attac... |
| CVE-2026-39886 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motio... | ||
| CVE-2026-39883 | Opentelemetry | Opentelemetry | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Dar... |
| CVE-2026-39370 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacke... | ||
| CVE-2026-39323 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39326. Reason: This candidate is a dupli... | ||
| CVE-2026-39317 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39334. Reason: This candidate is a dupli... | ||
| CVE-2026-35670 | Openclaw | Openclaw | OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to uni... |
| CVE-2026-35669 | Openclaw | Openclaw | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that inco... |
| CVE-2026-35668 | Openclaw | Openclaw | OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read ar... |
| CVE-2026-35667 | OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killPr... | ||
| CVE-2026-35666 | Openclaw | Openclaw | OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/ti... |
| CVE-2026-35665 | Openclaw | Openclaw | OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodi... |
| CVE-2026-35664 | Openclaw | Openclaw | OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recip... |
| CVE-2026-35663 | Openclaw | Openclaw | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader ... |
| CVE-2026-35662 | Openclaw | Openclaw | OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message c... |
| CVE-2026-35661 | Openclaw | Openclaw | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows atta... |