| 1161 | 8.8 | HIGH Network | - | - | OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attack… | CWE-184 Incomplete Blacklist | CVE-2026-42435 | 2026-05-5 21:16 | 2026-05-5 |
| 1162 | 8.8 | HIGH Network | - | - | OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries … | CWE-863 Incorrect Authorization | CVE-2026-42434 | 2026-05-5 21:16 | 2026-05-5 |
| 1163 | 6.5 | MEDIUM Network | - | - | OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can… | CWE-862 Missing Authorization | CVE-2026-42433 | 2026-05-5 21:16 | 2026-05-5 |
| 1164 | 6.1 | MEDIUM Network | - | - | AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Att… | CWE-79 Cross-site Scripting | CVE-2023-54349 | 2026-05-5 21:16 | 2026-05-5 |
| 1165 | 8.8 | HIGH Network | - | - | ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious … | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2023-54348 | 2026-05-5 21:16 | 2026-05-5 |
| 1166 | 7.5 | HIGH Network | - | - | OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers c… | CWE-307 Improper Restriction of Excessive Authentication Attempts | CVE-2023-54347 | 2026-05-5 21:16 | 2026-05-5 |
| 1167 | 7.5 | HIGH Network | - | - | WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file path… | CWE-538 File and Directory Information Exposure | CVE-2023-54346 | 2026-05-5 21:16 | 2026-05-5 |
| 1168 | 8.8 | HIGH Network | - | - | Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame intr… | CWE-94 Code Injection | CVE-2023-54345 | 2026-05-5 21:16 | 2026-05-5 |
| 1169 | 9.8 | CRITICAL Network | - | - | Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface.… | CWE-306 Missing Authentication for Critical Function | CVE-2023-54344 | 2026-05-5 21:16 | 2026-05-5 |
| 1170 | 9.8 | CRITICAL Network | - | - | Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the… | CWE-306 Missing Authentication for Critical Function | CVE-2023-54342 | 2026-05-5 21:16 | 2026-05-5 |