|
721
|
7.7 |
HIGH
Network
|
-
|
-
|
OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigatio…
New
|
CWE-862
Missing Authorization
|
CVE-2026-42436
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
722
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attack…
New
|
CWE-184
Incomplete Blacklist
|
CVE-2026-42435
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
723
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries …
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-42434
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
724
|
6.5 |
MEDIUM
Network
|
-
|
-
|
OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can…
New
|
CWE-862
Missing Authorization
|
CVE-2026-42433
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
725
|
6.1 |
MEDIUM
Network
|
-
|
-
|
AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Att…
New
|
CWE-79
Cross-site Scripting
|
CVE-2023-54349
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
726
|
8.8 |
HIGH
Network
|
-
|
-
|
ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious …
New
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2023-54348
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
727
|
7.5 |
HIGH
Network
|
-
|
-
|
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers c…
New
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2023-54347
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
728
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file path…
New
|
CWE-538
File and Directory Information Exposure
|
CVE-2023-54346
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
729
|
8.8 |
HIGH
Network
|
-
|
-
|
Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame intr…
New
|
CWE-94
Code Injection
|
CVE-2023-54345
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
730
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface.…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-54344
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
