Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / npm

npm

3,968 tracked vulnerabilities.

CVE-2026-26956 CRITICAL

vm2: WASM Sandbox Escape (Node 25 only)

CVE-2026-26332 CRITICAL

vm2: Sandbox Escape

CVE-2026-24781 CRITICAL

vm2: Sandbox Breakout Through Inspect

CVE-2026-24120 CRITICAL

vm2: Sandbox Breakout Through Promise Species

CVE-2026-24118 CRITICAL

VM2 Sandbox Breakout Through __lookupGetter__

CVE-2026-7645 MEDIUM

ruvnet sublinear-time-solver MCP server.js export_state path traversal

CVE-2026-7600 MEDIUM

ArtMin96 yii2-mcp-server MCP index.ts yii_execute_command os command injection

CVE-2026-7446 HIGH

VetCoders mcp-server-semgrep MCP index.ts create_rule os command injection

CVE-2026-42615 HIGH

GCHQ CyberChef < 11.0.0 - Cross-Site Scripting via Show Base64 Offsets

CVE-2026-42432 HIGH

OpenClaw < 2026.4.8 - Command Escalation via Node Pairing Reconnect Bypass

CVE-2026-42431 HIGH

OpenClaw < 2026.4.8 - Persistent Profile Mutation via node.invoke(browser.proxy) Bypass

CVE-2026-42430 MEDIUM

OpenClaw < 2026.4.8 - Strict Browser SSRF Bypass via Playwright Redirect Handling

CVE-2026-42429 HIGH

OpenClaw < 2026.4.8 - Privilege Escalation via Gateway Plugin HTTP Authentication

CVE-2026-42428 HIGH

OpenClaw < 2026.4.8 - Missing Integrity Verification in Package Downloads

CVE-2026-42427 MEDIUM

OpenClaw < 2026.4.8 - Remote Code Execution via Build Tool Environment Variable Injection

CVE-2026-42426 HIGH

OpenClaw < 2026.4.8 - Improper Authorization in node.pair.approve via operator.write Scope

CVE-2026-42424 MEDIUM

OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Reply MEDIA Paths

CVE-2026-42423 HIGH

OpenClaw < 2026.4.8 - strictInlineEval Approval Boundary Bypass via Approval-Timeout Fallback

CVE-2026-42422 HIGH

OpenClaw < 2026.4.8 - Role Bypass in device.token.rotate Function

CVE-2026-42421 MEDIUM

OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shared Gateway Token Rotation

CVE-2026-42420 MEDIUM

OpenClaw < 2026.4.8 - Improper Base64 Decoding Size Validation

CVE-2026-41916 MEDIUM

OpenClaw < 2026.4.8 - Stale Authentication State via Config Reload

CVE-2026-41915 MEDIUM

OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Environment

CVE-2026-41914 HIGH

OpenClaw < 2026.4.8 - Server-Side Request Forgery in QQ Bot Media Fetch Paths

CVE-2026-41913 LOW

OpenClaw < 2026.4.4 - Rate-Limit Bypass via Concurrent Async Authentication Attempts

Previous Page 8 of 159 Next

Products

openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy