| medium | CVE-2026-29197 — In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the end… | vulnerability | nvd | CVE-2026-29197 | | 2026-04-24 |
| medium | CVE-2026-29050 — melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 a… | vulnerability | nvd | CVE-2026-29050, CVE-2026-29051 | | 2026-04-24 |
| critical | CVE-2026-27843 — A vulnerability exists in SenseLive X3050's web management interface that allows critical configurat… | vulnerability | nvd | CVE-2026-27843 | | 2026-04-24 |
| high | CVE-2026-27841 — A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be… | vulnerability | nvd | CVE-2026-27841 | | 2026-04-24 |
| critical | CVE-2026-25775 — A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update… | vulnerability | nvd | CVE-2026-25775 | | 2026-04-24 |
| medium | CVE-2026-25720 — A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetim… | vulnerability | nvd | CVE-2026-25720 | | 2026-04-24 |
| medium | CVE-2026-1789 — A vulnerability in the browser-based remote management interface may allow an administrator to acces… | vulnerability | nvd | CVE-2026-1789 | | 2026-04-24 |
| high | CVE-2025-29635 — D-Link DIR-823X Command Injection Vulnerability | vulnerability | cisa-kev | CVE-2025-29635 | | 2026-04-24 |
| medium | CVE-2026-6732 — A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafte… | vulnerability | nvd | CVE-2026-6732 | | 2026-04-23 |
| high | CVE-2026-41361 — OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6… | vulnerability | nvd | CVE-2026-41361 | | 2026-04-23 |
| medium | CVE-2026-41360 — OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind… | vulnerability | nvd | CVE-2026-41360 | | 2026-04-23 |
| high | CVE-2026-41359 — OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated opera… | vulnerability | nvd | CVE-2026-41359 | | 2026-04-23 |
| medium | CVE-2026-41358 — OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allo… | vulnerability | nvd | CVE-2026-41358 | | 2026-04-23 |
| low | CVE-2026-41357 — OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbo… | vulnerability | nvd | CVE-2026-41357 | | 2026-04-23 |
| medium | CVE-2026-41356 — OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens.… | vulnerability | nvd | CVE-2026-41356 | | 2026-04-23 |
| high | CVE-2026-41355 — OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that co… | vulnerability | nvd | CVE-2026-41355 | | 2026-04-23 |
| low | CVE-2026-41354 — OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe… | vulnerability | nvd | CVE-2026-41354 | ransomware | 2026-04-23 |
| high | CVE-2026-41353 — OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles featu… | vulnerability | nvd | CVE-2026-41353 | | 2026-04-23 |
| high | CVE-2026-41352 — OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node… | vulnerability | nvd | CVE-2026-41352 | rce | 2026-04-23 |
| medium | CVE-2026-41351 — OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature hand… | vulnerability | nvd | CVE-2026-41351 | ransomware | 2026-04-23 |
| medium | CVE-2026-41350 — OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session_statu… | vulnerability | nvd | CVE-2026-41350 | | 2026-04-23 |
| high | CVE-2026-41349 — OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to si… | vulnerability | nvd | CVE-2026-41349 | | 2026-04-23 |
| medium | CVE-2026-41348 — OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command an… | vulnerability | nvd | CVE-2026-41348 | | 2026-04-23 |
| high | CVE-2026-41347 — OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating… | vulnerability | nvd | CVE-2026-41347 | | 2026-04-23 |
| medium | CVE-2026-41346 — OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead o… | vulnerability | nvd | CVE-2026-41346 | | 2026-04-23 |
| medium | CVE-2026-41345 — OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionali… | vulnerability | nvd | CVE-2026-41345 | | 2026-04-23 |
| medium | CVE-2026-41344 — OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint th… | vulnerability | nvd | CVE-2026-41344 | | 2026-04-23 |
| medium | CVE-2026-41343 — OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path… | vulnerability | nvd | CVE-2026-41343 | | 2026-04-23 |
| high | CVE-2026-41342 — OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding c… | vulnerability | nvd | CVE-2026-41342 | | 2026-04-23 |
| medium | CVE-2026-41341 — OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that miscl… | vulnerability | nvd | CVE-2026-41341 | | 2026-04-23 |
| medium | CVE-2026-41340 — OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy al… | vulnerability | nvd | CVE-2026-41340 | | 2026-04-23 |
| medium | CVE-2026-41339 — OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapsho… | vulnerability | nvd | CVE-2026-41339 | | 2026-04-23 |
| medium | CVE-2026-41338 — OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operati… | vulnerability | nvd | CVE-2026-41338 | | 2026-04-23 |
| medium | CVE-2026-41337 — OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call repl… | vulnerability | nvd | CVE-2026-41337 | ransomware | 2026-04-23 |
| high | CVE-2026-41336 — OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR env… | vulnerability | nvd | CVE-2026-41336 | | 2026-04-23 |
| medium | CVE-2026-41335 — OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface… | vulnerability | nvd | CVE-2026-41335 | | 2026-04-23 |
| medium | CVE-2026-41334 — OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails… | vulnerability | nvd | CVE-2026-41334 | | 2026-04-23 |
| low | CVE-2026-41333 — OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows… | vulnerability | nvd | CVE-2026-41333 | | 2026-04-23 |
| medium | CVE-2026-41332 — OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMP… | vulnerability | nvd | CVE-2026-41332 | | 2026-04-23 |
| critical | CVE-2026-35431 — Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthoriz… | vulnerability | nvd | CVE-2026-35431 | | 2026-04-23 |
| critical | CVE-2026-33819 — Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code… | vulnerability | nvd | CVE-2026-33819 | | 2026-04-23 |
| critical | CVE-2026-33102 — Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker… | vulnerability | nvd | CVE-2026-33102 | | 2026-04-23 |
| critical | CVE-2026-32210 — Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacke… | vulnerability | nvd | CVE-2026-32210 | | 2026-04-23 |
| high | CVE-2026-32172 — Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute… | vulnerability | nvd | CVE-2026-32172 | | 2026-04-23 |
| low | CVE-2026-2708 — A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_… | vulnerability | nvd | CVE-2026-2708 | | 2026-04-23 |
| critical | CVE-2026-26210 — KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve ba… | vulnerability | nvd | CVE-2026-26210 | | 2026-04-23 |
| high | CVE-2026-26150 — Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p… | vulnerability | nvd | CVE-2026-26150 | | 2026-04-23 |
| critical | CVE-2026-24303 — Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privile… | vulnerability | nvd | CVE-2026-24303 | | 2026-04-23 |
| unknown | Vercel attack fallout expands to more customers and third-party systems | news | general-news | | | 2026-04-23 |
| unknown | Hackers exploit file upload bug in Breeze Cache WordPress plugin | news | general-news | | | 2026-04-23 |