|
1001
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A ma…
New
|
CWE-22
Path Traversal
|
CVE-2026-41589
|
2026-05-8 01:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1002
|
- |
|
-
|
-
|
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and …
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-41586
|
2026-05-8 01:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1003
|
5.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers can bypass …
Update
|
CWE-862
Missing Authorization
|
CVE-2026-43572
|
2026-05-8 01:03 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1004
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can expl…
Update
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-43571
|
2026-05-8 01:03 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1005
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Atta…
Update
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-43570
|
2026-05-8 01:03 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1006
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: validate connector number in ucsi_notify_common()
The connector number extracted from CCI via UCSI_CCI_CONNECTO…
Update
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-31729
|
2026-05-8 01:02 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1007
|
8.1 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization c…
Update
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-43535
|
2026-05-8 01:01 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1008
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting up…
Update
|
CWE-15
External Control of System or Configuration Setting
|
CVE-2026-43531
|
2026-05-8 00:59 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1009
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-43530
|
2026-05-8 00:57 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1010
|
6.9 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Scripting (XSS) in V2Board thru 1.7.4. The custom_html field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can injec…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-37503
|
2026-05-8 00:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
