| # | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 11 | 7.8 | HIGH | Local | openclaw | openclaw | OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted… | CWE-829 Inclusion of Functionality from Untrusted Control Sphere | CVE-2026-41336 | 2026-04-29 03:55 | 2026-04-24 |
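The CVE-2026-41336 entry describes a workspace-writable .env file overriding a setting that decides which hook code gets loaded. The following is an added example, not OpenClaw's own code: only the variable name OPENCLAW_BUNDLED_HOOKS_DIR comes from the advisory, while the PROTECTED_KEYS list, the function names, the install root and the constructed sample .env are assumptions used to show the CWE-829 pattern (the vulnerable merge) beside two independent fixes (refusing protected keys from workspace files, and confining the resolved hooks directory to the install root).

```python
"""Workspace-level .env files must not override install-level trust settings.

Added example, not OpenClaw's own code. Only the variable name
OPENCLAW_BUNDLED_HOOKS_DIR comes from the advisory; PROTECTED_KEYS, the
function names, the install root and the sample .env are assumptions made
to illustrate the CWE-829 pattern and one way to close it.
"""
from pathlib import Path

# Settings that decide which code gets loaded. A file an attacker can write
# into a workspace must never be allowed to set these (assumed list).
PROTECTED_KEYS = frozenset({"OPENCLAW_BUNDLED_HOOKS_DIR"})

# Constructed workspace .env, as an attacker who controls a repo might ship it.
SAMPLE_WORKSPACE_ENV = """
# harmless-looking project settings
LOG_LEVEL=debug
OPENCLAW_BUNDLED_HOOKS_DIR="/tmp/attacker-hooks"
"""


def parse_dotenv(text):
    """Minimal KEY=value parser: skips blanks and comments, strips matching quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def merge_vulnerable(process_env, workspace_env):
    """Pre-fix shape: the workspace file wins for every key, trust-critical ones included."""
    merged = dict(process_env)
    merged.update(workspace_env)
    return merged


def merge_hardened(process_env, workspace_env):
    """Fixed shape: protected keys are taken only from the process environment.

    Returns the merged map and the list of workspace keys that were refused,
    so the caller can log the attempt instead of silently ignoring it.
    """
    merged = dict(process_env)
    refused = []
    for key, value in workspace_env.items():
        if key in PROTECTED_KEYS:
            refused.append(key)
            continue
        merged[key] = value
    return merged, refused


def resolve_hooks_dir(env, install_root):
    """Second line of defence: whatever the env says, the hooks dir must stay
    inside the install root. Rejects absolute paths elsewhere and '..' escapes."""
    root = Path(install_root).resolve()
    candidate = Path(env.get("OPENCLAW_BUNDLED_HOOKS_DIR", root / "hooks")).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"hooks dir {candidate} escapes install root {root}")
    return candidate


if __name__ == "__main__":
    workspace = parse_dotenv(SAMPLE_WORKSPACE_ENV)
    process_env = {"OPENCLAW_BUNDLED_HOOKS_DIR": "/opt/openclaw/hooks"}
    print("vulnerable:", merge_vulnerable(process_env, workspace)["OPENCLAW_BUNDLED_HOOKS_DIR"])
    merged, refused = merge_hardened(process_env, workspace)
    print("hardened:", merged["OPENCLAW_BUNDLED_HOOKS_DIR"], "refused:", refused)
    print("resolved:", resolve_hooks_dir(merged, "/opt/openclaw"))
```

The two checks are deliberately independent: the key filter stops a workspace file from influencing the setting at all, and the path confinement catches the same class of problem if the value arrives by some other route (a process environment set by a less trusted launcher, for instance).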
| 12 | 5.3 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitiv… | CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere | CVE-2026-41335 | 2026-04-29 03:55 | 2026-04-24 |
| 13 | 6.5 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized … | CWE-636 Not Failing Securely ('Failing Open') | CVE-2026-41334 | 2026-04-29 03:55 | 2026-04-24 |
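The CVE-2026-41334 entry is classified as CWE-636 (failing open): a pixel-limit guard that lets an image through when it cannot establish the size. The following is an added example, not OpenClaw's own code. The advisory says the guard sat around sips; to run anywhere, this sketch probes the PNG/GIF header in pure Python instead of calling sips, and MAX_PIXELS, the function names and the constructed test images are assumptions. It shows the fail-open guard beside the fail-closed one on the same inputs, including a 33-byte file that declares ten billion pixels.

```python
"""Fail-closed pixel-limit guard for image uploads (CWE-636 pattern).

Added example, not OpenClaw's own code. The advisory says the guard around
sips did not enforce its pixel limit; this sketch uses a pure-Python header
probe instead of calling sips so it runs anywhere, and MAX_PIXELS, the
function names and the constructed test images are assumptions.
"""
import struct
import zlib

MAX_PIXELS = 50_000_000          # assumed ceiling: roughly 7071 x 7071
PNG_SIG = b"\x89PNG\r\n\x1a\n"


def probe_dimensions(data):
    """Read the declared width/height from the header only, without decoding.

    Returns (width, height) for PNG and GIF, or None when the format is
    unknown or the header is too short to trust.
    """
    if data.startswith(PNG_SIG) and len(data) >= 24 and data[12:16] == b"IHDR":
        return struct.unpack(">II", data[16:24])
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        return struct.unpack("<HH", data[6:10])
    return None


def guard_fail_open(data, max_pixels=MAX_PIXELS):
    """The vulnerable shape: when the probe cannot answer, the image is let through.

    A bomb the probe does not recognise, or a probe that errors out, therefore
    reaches the real decoder with no limit applied at all.
    """
    dims = probe_dimensions(data)
    if dims is None:
        return True
    width, height = dims
    return width * height <= max_pixels


def guard_fail_closed(data, max_pixels=MAX_PIXELS):
    """The fixed shape: unknown size, degenerate size and over-limit size all reject.

    Python ints do not overflow; in C the product width*height must be computed
    in a 64-bit intermediate (or checked by division) before the comparison.
    """
    dims = probe_dimensions(data)
    if dims is None:
        return False
    width, height = dims
    if width == 0 or height == 0:
        return False
    return width * height <= max_pixels


def png_header(width, height):
    """Construct a PNG signature plus IHDR chunk: enough for the probe, tiny on disk."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    crc = struct.pack(">I", zlib.crc32(b"IHDR" + ihdr) & 0xFFFFFFFF)
    return PNG_SIG + struct.pack(">I", 13) + b"IHDR" + ihdr + crc


if __name__ == "__main__":
    # Constructed inputs: a 33-byte "bomb" declaring 10^10 pixels, a normal
    # image header, and bytes the probe does not recognise.
    for label, blob in [("bomb", png_header(100_000, 100_000)),
                        ("normal", png_header(1920, 1080)),
                        ("unknown", b"\x00" * 32)]:
        print(f"{label:8} fail-open={guard_fail_open(blob)} "
              f"fail-closed={guard_fail_closed(blob)}")
```

The probe deliberately reads only the declared dimensions; a decompression bomb is small on disk, so a file-size limit does nothing, and the decision has to be made before any decoder allocates the pixel buffer. When the probe is an external tool such as sips, a non-zero exit status or unparsable output belongs in the `None` branch, which is exactly the case the fail-open variant gets wrong.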
| 14 | 3.7 | LOW | Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can e… | CWE-799 Improper Control of Interaction Frequency | CVE-2026-41333 | 2026-04-29 03:55 | 2026-04-24 |
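The CVE-2026-41333 entry describes a shared authentication rate limit that fake device tokens can sidestep. The following is an added example, not OpenClaw's own code: the advisory gives no token format or limits, so the HMAC-tagged token, the window and attempt counts, the simulated client and all function names are assumptions. It shows the CWE-799 pattern (a limiter keyed on an identifier the client invents freely) beside a limiter keyed on values the client cannot choose, with the device only counted once its token verifies.

```python
"""Rate limiting keyed on an attacker-chosen identifier does not limit anything.

Added example, not OpenClaw's own code. The advisory only says fake device
tokens bypass the shared authentication rate limit; the token format, the
HMAC verification, the limits and the simulated client below are assumptions
illustrating the CWE-799 pattern and a key choice that closes it.
"""
import hashlib
import hmac
import secrets
from collections import defaultdict, deque

WINDOW_SECONDS = 60
MAX_ATTEMPTS = 5
SERVER_KEY = b"constructed-key-for-this-example-only"   # hypothetical


class SlidingWindowLimiter:
    """Allows at most `limit` hits per key within the trailing `window` seconds.
    The clock is injected so behaviour is deterministic in tests."""

    def __init__(self, limit, window, clock):
        self.limit, self.window, self.clock = limit, window, clock
        self.hits = defaultdict(deque)

    def allow(self, key):
        now = self.clock()
        q = self.hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def issue_device_token(device_id):
    """Server-minted token: the device id plus an HMAC tag over it."""
    tag = hmac.new(SERVER_KEY, device_id.encode(), hashlib.sha256).hexdigest()
    return f"{device_id}.{tag}"


def verified_device_id(token):
    """Return the device id only if the tag verifies; None for a forged token."""
    device_id, sep, tag = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SERVER_KEY, device_id.encode(), hashlib.sha256).hexdigest()
    return device_id if hmac.compare_digest(tag, expected) else None


def allow_vulnerable(limiter, client_ip, device_token, account):
    """Pre-fix shape: the bucket key is the unverified token the client sent,
    so every fresh fake token starts with an empty bucket."""
    return limiter.allow(("device", device_token))


def allow_hardened(limiter, client_ip, device_token, account):
    """Fixed shape: limit on keys the client cannot choose freely (source
    address, target account) and on the device only once its token verifies."""
    keys = [("ip", client_ip), ("account", account)]
    device_id = verified_device_id(device_token)
    if device_id is not None:
        keys.append(("device", device_id))
    # Evaluate every bucket so a denied attempt still counts against the others.
    decisions = [limiter.allow(k) for k in keys]
    return all(decisions)


def simulate_guessing(attempts, check):
    """One source address hammers one account, minting a fresh fake token per try.
    Returns how many attempts got through to password verification."""
    limiter = SlidingWindowLimiter(MAX_ATTEMPTS, WINDOW_SECONDS, clock=lambda: 0.0)
    passed = 0
    for _ in range(attempts):
        fake_token = secrets.token_hex(16) + "." + secrets.token_hex(32)
        if check(limiter, "203.0.113.7", fake_token, "victim@example.test"):
            passed += 1
    return passed


if __name__ == "__main__":
    print("vulnerable:", simulate_guessing(50, allow_vulnerable), "of 50 attempts reached auth")
    print("hardened:  ", simulate_guessing(50, allow_hardened), "of 50 attempts reached auth")
```

The general rule the example encodes: a rate-limit key must be something the client either cannot choose or has already proven. A per-device bucket is useful once the device token has been verified, but as the sole key it is worthless, because minting a new unverified token costs the attacker nothing.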
| 15 | 8.8 | HIGH | Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials … | CWE-862 Missing Authorization | CVE-2026-41352 | 2026-04-29 03:54 | 2026-04-24 |
| 16 | 7.5 | HIGH | Network | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: "smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available". The logic of managing recv credits by counting posted recv_… | NVD-CWE-noinfo (insufficient information) | CVE-2026-31539 | 2026-04-29 03:54 | 2026-04-25 |
| 17 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: "btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create". We have recently observed a number of subvolumes with broken dentries. … | CWE-476 NULL Pointer Dereference | CVE-2026-31519 | 2026-04-29 03:54 | 2026-04-22 |
| 18 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: "drm/i915/gt: Check set_default_submission() before dereferencing". When the i915 driver firmware binaries are not present, the set_de… | CWE-476 NULL Pointer Dereference | CVE-2026-31540 | 2026-04-29 03:52 | 2026-04-25 |
| 19 | 7.5 | HIGH | Network | joinmastodon | mastodon | Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and perfo… | CWE-841 Improper Enforcement of Behavioral Workflow | CVE-2026-41259 | 2026-04-29 03:50 | 2026-04-24 |
| 20 | 7.8 | HIGH | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: "tracing: Fix trace_marker copy link list updates". When the "copy_trace_marker" option is enabled for an instance, anything written… | CWE-416 Use After Free | CVE-2026-31541 | 2026-04-29 03:50 | 2026-04-25 |