|
851
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. Attackers …
Update
|
CWE-183
Permissive List of Allowed Inputs
|
CVE-2026-43574
|
2026-05-8 02:03 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
852
|
7.7 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact wi…
Update
|
CWE-862
CWE-918
Missing Authorization
Server-Side Request Forgery (SSRF)
|
CVE-2026-43573
|
2026-05-8 02:03 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
853
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_subset: Fix net_device lifecycle with device_move
The net_device is allocated during function instance creation an…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31723
|
2026-05-8 02:03 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
854
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_eem: Fix net_device lifecycle with device_move
The net_device is allocated during function instance creation and
r…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31724
|
2026-05-8 02:00 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
855
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_ecm: Fix net_device lifecycle with device_move
The net_device is allocated during function instance creation and
r…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31725
|
2026-05-8 01:58 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
856
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled
If the gmac0 is disabled, the precheck for a valid ingress device…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31736
|
2026-05-8 01:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
857
|
8.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
iommupt: Fix short gather if the unmap goes into a large mapping
unmap has the odd behavior that it can unmap more than requested…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31735
|
2026-05-8 01:52 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
858
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
sched_ext: Fix is_bpf_migration_disabled() false negative on non-PREEMPT_RCU
Since commit 8e4f0b1ebcf2 ("bpf: use rcu_read_lock_d…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31734
|
2026-05-8 01:50 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
859
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
sched_ext: Fix stale direct dispatch state in ddsp_dsq_id
@p->scx.ddsp_dsq_id can be left set (non-SCX_DSQ_INVALID) triggering a
…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31733
|
2026-05-8 01:44 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
860
|
5.7 |
MEDIUM
Network
|
hcltech
|
bigfix_service_management
|
HHCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data.
Update
|
CWE-352
Origin Validation Error
|
CVE-2025-31957
|
2026-05-8 01:35 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
