CVE-2026-5146

Same vendor

• CVE-2026-10787 — Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metad... (4.3 MEDIUM)
• CVE-2026-10786 — Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain... (6.5 MEDIUM)
• CVE-2026-10544 — Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an auth... (6.5 MEDIUM)
• CVE-2026-9590 — Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user w... (5.3 MEDIUM)
• CVE-2026-9522 — Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user wit... (5.4 MEDIUM)

Same CWE

• CVE-2026-53821 — OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy au... (8.8 HIGH)
• CVE-2026-53820 — OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authen... (6.6 MEDIUM)
• CVE-2026-48119 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (7.1 HIGH)
• CVE-2026-47120 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (7.1 HIGH)
• CVE-2026-46716 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (9.9 CRITICAL)