| # | CVSS | Severity | Attack Vector | Vendor | Product | Description | Status | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 101 | 8.8 | HIGH | Network | sailpoint | identityiq | This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned… | Update | CWE-863 Incorrect Authorization | CVE-2026-5712 | 2026-05-5 21:48 | 2026-04-30 |
| 102 | 7.1 | HIGH | Local | dell | dell/alienware_purchased_apps | Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could p… | Update | CWE-59 Link Following | CVE-2026-27105 | 2026-05-5 21:37 | 2026-04-30 |
| 103 | 6.5 | MEDIUM | Network | - | - | The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the upload_icons() function workflow using a user-controlled upload pat… | New | CWE-22 Path Traversal | CVE-2026-6262 | 2026-05-5 21:16 | 2026-05-5 |
| 104 | 8.8 | HIGH | Network | - | - | The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the upload_icons() function workflow moving and unzipping user-controlled… | New | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2026-6261 | 2026-05-5 21:16 | 2026-05-5 |
| 105 | 6.5 | MEDIUM | Network | - | - | OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. Attackers … | New | CWE-183 Permissive List of Allowed Inputs | CVE-2026-43574 | 2026-05-5 21:16 | 2026-05-5 |
| 106 | 7.7 | HIGH | Network | - | - | OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact wi… | New | CWE-862 Missing Authorization; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-43573 | 2026-05-5 21:16 | 2026-05-5 |
| 107 | 5.3 | MEDIUM | Network | - | - | OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers can bypass … | New | CWE-862 Missing Authorization | CVE-2026-43572 | 2026-05-5 21:16 | 2026-05-5 |
| 108 | 8.8 | HIGH | Network | - | - | OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can expl… | New | CWE-829 Inclusion of Functionality from Untrusted Control Sphere | CVE-2026-43571 | 2026-05-5 21:16 | 2026-05-5 |
| 109 | 6.5 | MEDIUM | Network | - | - | OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Atta… | New | CWE-61 UNIX Symbolic Link (Symlink) Following | CVE-2026-43570 | 2026-05-5 21:16 | 2026-05-5 |
| 110 | 8.8 | HIGH | Network | - | - | OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shado… | New | CWE-829 Inclusion of Functionality from Untrusted Control Sphere | CVE-2026-43569 | 2026-05-5 21:16 | 2026-05-5 |