| # | CVSS | Severity | Vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 1101 | 6.3 | MEDIUM | Local | flatpak | flatpak-builder | flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source direct… | CWE-22 Path Traversal | CVE-2026-39977 | 2026-04-17 05:52 | 2026-04-10 |
| 1102 | 5.1 | MEDIUM | Local | openclaw | openclaw | OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer t… | CWE-288 Authentication Bypass Using an Alternate Path or Channel | CVE-2026-35634 | 2026-04-17 05:51 | 2026-04-10 |
| 1103 | 8.8 | HIGH | Network | openplcproject | openplc_v3_firmware | OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying the… | CWE-862 Missing Authorization | CVE-2026-35063 | 2026-04-17 05:49 | 2026-04-10 |
| 1104 | 7.5 | HIGH | Network | openplcproject | openplc_v3_firmware | OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information. | CWE-256 Plaintext Storage of a Password | CVE-2026-35556 | 2026-04-17 05:49 | 2026-04-10 |
| 1105 | 5.3 | MEDIUM | Network | langchain | langchain_core | LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prom… | CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine | CVE-2026-40087 | 2026-04-17 05:48 | 2026-04-10 |
| 1106 | 6.5 | MEDIUM | Network | openclaw | openclaw | OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sa… | CWE-696 Incorrect Behavior Order | CVE-2026-35636 | 2026-04-17 05:48 | 2026-04-10 |
| 1107 | 9.6 | CRITICAL | Network | praison | praisonai | PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LL… | CWE-78 OS Command | CVE-2026-40088 | 2026-04-17 05:40 | 2026-04-10 |
| 1108 | 9.8 | CRITICAL | Network | wolfssl | wolfssl | Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values (out[0] … | CWE-122 Heap-based Buffer Overflow; CWE-787 Out-of-bounds Write | CVE-2026-5187 | 2026-04-17 05:39 | 2026-04-10 |
| 1109 | 9.1 | CRITICAL | Network | wolfssl | wolfssl | Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature ver… | CWE-295 Improper Certificate Validation | CVE-2026-5194 | 2026-04-17 05:37 | 2026-04-10 |
| 1110 | 4.4 | MEDIUM | Local | helm | helm | Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL \| repo/chartname] to write the Chart's c… | CWE-22 Path Traversal | CVE-2026-35206 | 2026-04-17 05:36 | 2026-04-10 |