| 631 | - | | - | - | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3. | New | - | CVE-2026-8389 | 2026-05-12 23:20 | 2026-05-12 |
| 632 | - | | - | - | Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3. | New | - | CVE-2026-8390 | 2026-05-12 23:20 | 2026-05-12 |
| 633 | - | | - | - | Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3. | New | - | CVE-2026-8391 | 2026-05-12 23:20 | 2026-05-12 |
| 634 | 4.2 | MEDIUM, Network | - | - | OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are co… | New | CWE-863: Incorrect Authorization | CVE-2026-44991 | 2026-05-12 23:19 | 2026-05-12 |
| 635 | 5.0 | MEDIUM, Local | - | - | OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX_API_HOST. Attackers can redirect credentialed MiniMax… | New | CWE-441: Confused Deputy | CVE-2026-44992 | 2026-05-12 23:19 | 2026-05-12 |
| 636 | 5.4 | MEDIUM, Network | - | - | OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enfo… | New | CWE-184: Incomplete Blacklist | CVE-2026-44993 | 2026-05-12 23:19 | 2026-05-12 |
| 637 | 5.3 | MEDIUM, Network | - | - | OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitive configuration fields. Att… | New | CWE-862: Missing Authorization | CVE-2026-44994 | 2026-05-12 23:19 | 2026-05-12 |
| 638 | 7.3 | HIGH, Local | - | - | OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace con… | New | CWE-829: Inclusion of Functionality from Untrusted Control Sphere | CVE-2026-44995 | 2026-05-12 23:19 | 2026-05-12 |
| 639 | 3.7 | LOW, Network | - | - | OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence ag… | New | CWE-22: Path Traversal | CVE-2026-44996 | 2026-05-12 23:19 | 2026-05-12 |
| 640 | 4.3 | MEDIUM, Network | - | - | OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, contro… | New | CWE-266: Incorrect Privilege Assignment | CVE-2026-44997 | 2026-05-12 23:19 | 2026-05-12 |