CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
OpenClaw before version 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file paths to import file content into wiki memory, bypassing access restrictions.
OpenClaw before version 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token revocation.
OpenClaw before version 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions.
Nezha Monitoring versions from 1.0.0 to before 2.2.0 have a vulnerability in the getRedirectURL function that constructs the OAuth2 callback URL without validating the Host header. This can lead to host header injection.
Nezha Monitoring versions from 1.0.0 to before 2.2.0 have a vulnerability that allows the creation of long-lived WebSocket streams without limits. Two endpoints, POST /api/v1/terminal and POST /api/v1/file, lack user rate limits and server connection caps.
Nezha Monitoring versions from 2.0.14 to before 2.1.0 allows accepting and persisting nonexistent ddns_profiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, it can lead to the use of the other user's DDNS profile configuration in the context of the attacker's server.
Nezha Monitoring is a tool for monitoring servers and websites. In versions from 2.0.14 to before 2.1.0, authenticated users can claim the dashboard Host through NAT, allowing them to preempt all dashboard routing.
Nezha Monitoring is a tool for monitoring servers and websites. In versions from 2.0.0 to before 2.0.14, private services were enumerable via per-server endpoints, leaking name and timing data.
Nezha Monitoring before version 2.0.10 allows authenticated users to create or update a DDNS profile with any webhook_url, leading to an SSRF vulnerability. Low-privileged users can send HTTP requests to internal network services.
Nezha Monitoring versions from 1.4.0 to before 2.0.9 allow authenticated non-admin users to access the server-status WebSocket and receive telemetry data for all servers, including those owned by other users.
An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. This could lead to image corruption or GPU hardware recovery.
A SQL injection vulnerability has been identified in CodeAstro Human Resource Management System 1.0 within the Payroll Invoice module. The flaw exists in the Invoice function of Payroll.php, where the ID argument is susceptible to manipulation. Remote exploitation is possible, and a public exploit is available.
A stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivirus process.
CVE-2025-7018 involves a null pointer dereference vulnerability in the Avira Antivirus engine when scanning a malformed Windows PE file, potentially leading to a Denial-of-Service of the antivirus engine process.
A stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process.
The vulnerability in Avast Antivirus involves the use of stack memory after it has been freed when scanning a malformed Windows PE file, which may lead to a denial-of-service of the antivirus process.
There is an uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file, which may lead to a Denial-of-Service of the antivirus process.
A vulnerability in MISP allows an authenticated user with event edit permissions to manipulate form data and assign an event to a sharing group they are not authorized to use. The issue occurs in the event editing path that does not enforce proper authorization checks.
An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.user_id value from the submitted request data, allowing enumeration of user email addresses.
MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler, allowing an attacker to execute arbitrary JavaScript in the victim's browser.

