|
901
|
7.0 |
HIGH
Local
|
sandboxie-plus
|
sandboxie
|
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation.…
Update
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-34596
|
2026-05-8 04:45 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
902
|
6.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attacker…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-44112
|
2026-05-8 04:42 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
903
|
4.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with…
New
|
CWE-183
Permissive List of Allowed Inputs
|
CVE-2026-44111
|
2026-05-8 04:42 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
904
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can exe…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-44110
|
2026-05-8 04:41 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
905
|
9.8 |
CRITICAL
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptK…
New
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2026-44109
|
2026-05-8 04:40 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
906
|
9.8 |
CRITICAL
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-reso…
New
|
CWE-672
Operation on a Resource after Expiration or Release
|
CVE-2026-43585
|
2026-05-8 04:36 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
907
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup …
New
|
CWE-184
Incomplete Blacklist
|
CVE-2026-43584
|
2026-05-8 04:36 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
908
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy
Buffer size used in dma allocation and memcpy is wrong.
It can lead to und…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31743
|
2026-05-8 04:36 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
909
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group too…
New
|
CWE-862
Missing Authorization
|
CVE-2026-43583
|
2026-05-8 04:36 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
910
|
6.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attacker…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-43582
|
2026-05-8 04:35 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
