Total: 860 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-53862 | | | 2026-06-16 | N/A | 4.2 MEDIUM |
| OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits. | |||||
| CVE-2026-53847 | | | 2026-06-16 | N/A | 5.4 MEDIUM |
| OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope. | |||||
| CVE-2026-39470 | | | 2026-06-15 | N/A | 7.2 HIGH |
| Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions. | |||||
| CVE-2026-49083 | | | 2026-06-15 | N/A | 7.5 HIGH |
| Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. | |||||
| CVE-2026-27407 | | | 2026-06-15 | N/A | 7.2 HIGH |
| Editor Privilege Escalation in AI Engine <= 3.4.9 versions. | |||||
| CVE-2026-48889 | | | 2026-06-15 | N/A | 8.8 HIGH |
| Subscriber Privilege Escalation in Amelia <= 2.3 versions. | |||||
| CVE-2026-34901 | | | 2026-06-15 | N/A | 9.8 CRITICAL |
| Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions. | |||||
| CVE-2026-39579 | | | 2026-06-15 | N/A | 8.8 HIGH |
| Contributor Privilege Escalation in B Blocks <= 2.0.31 versions. | |||||
| CVE-2026-49063 | | | 2026-06-15 | N/A | 7.3 HIGH |
| Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions. | |||||
| CVE-2026-49780 | | | 2026-06-15 | N/A | 8.8 HIGH |
| Customer Privilege Escalation in Dokan <= 5.0.2 versions. | |||||
| CVE-2026-39583 | | | 2026-06-15 | N/A | 9.8 CRITICAL |
| Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions. | |||||
| CVE-2026-39587 | | | 2026-06-15 | N/A | 8.1 HIGH |
| Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions. | |||||
| CVE-2026-42368 | 1 Geovision | 4 Gv-lpc2011, Gv-lpc2011 Firmware, Gv-lpc2211 and 1 more | 2026-06-15 | N/A | 9.9 CRITICAL |
| A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to the execution of a privileged operation. An attacker can visit a webpage to trigger this vulnerability. | |||||
| CVE-2026-49111 | | | 2026-06-15 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0. | |||||
| CVE-2026-12201 | | | 2026-06-15 | 4.3 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-12213 | | | 2026-06-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-12217 | | | 2026-06-15 | 6.8 MEDIUM | 7.8 HIGH |
| A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-12212 | | | 2026-06-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-53814 | 1 Openclaw | 1 Openclaw | 2026-06-12 | N/A | 8.3 HIGH |
| OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token can exploit the /hooks/agent endpoint to cause spawned CLI runtimes to access or invoke owner-only MCP tools, potentially executing privileged actions like persistent cron state modifications. | |||||
| CVE-2026-49060 | | | 2026-06-12 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4. | |||||
