Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / npm

npm

3,968 tracked vulnerabilities.

CVE-2026-35645 HIGH

OpenClaw < 2026.3.25 - Privilege Escalation via Synthetic operator.admin in deleteSession

CVE-2026-35640 MEDIUM

OpenClaw < 2026.3.25 - Denial of Service via Unauthenticated Webhook Request Parsing

CVE-2026-35639 HIGH

OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation

CVE-2026-35637 HIGH

OpenClaw < 2026.3.22 - Premature Cite Expansion Before Authorization in Channel and DM

CVE-2026-35635 MEDIUM

OpenClaw < 2026.3.22 - Webhook Path Route Replacement Vulnerability in Synology Chat

CVE-2026-35634 MEDIUM

OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway

CVE-2026-35633 MEDIUM

OpenClaw < 2026.3.22 - Unbounded Memory Allocation via Remote Media Error Responses

CVE-2026-35632 HIGH

OpenClaw < 2026.2.22 - Symlink Traversal via IDENTITY.md appendFile in agents.create/update

CVE-2026-35629 HIGH

OpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in Channel Extensions

CVE-2026-35628 MEDIUM

OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Telegram Webhook Rate Limiting

CVE-2026-35627 MEDIUM

OpenClaw < 2026.3.22 - Unauthenticated Cryptographic Work in Nostr Inbound DM Handling

CVE-2026-35626 MEDIUM

OpenClaw < 2026.3.22 - Unauthenticated Resource Exhaustion via Voice Call Webhook

CVE-2026-35624 MEDIUM

OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk

CVE-2026-35623 MEDIUM

OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Webhook Password Rate Limiting

CVE-2026-35622 MEDIUM

OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook

CVE-2026-35618 MEDIUM

OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verification

CVE-2026-35617 MEDIUM

OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space displayName

CVE-2026-39983 HIGH

FTP Command Injection via CRLF in basic-ftp

CVE-2026-39315 MEDIUM

Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()

CVE-2026-39974 HIGH

n8n-MCP has an Authenticated SSRF via instance-URL header in multi-tenant HTTP mode

CVE-2026-39943 MEDIUM

Directus exposes sensitive fields in revision history

CVE-2026-39942 HIGH

Directus has a Path Traversal and Broken Access Control in File Management API

CVE-2026-35041 MEDIUM

ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token verification

CVE-2026-35040 MEDIUM

fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS)

CVE-2026-5842 HIGH

decolua 9router Administrative API Endpoint api authorization

Previous Page 16 of 159 Next

Products

openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy