|
101
|
7.5 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to exhaust the shared pending window. Remote attackers can submit…
Update
|
CWE-799
Improper Control of Interaction Frequency
|
CVE-2026-41346
|
2026-04-29 23:44 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
102
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Disco…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-41348
|
2026-04-29 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
103
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to …
Update
|
CWE-862
Missing Authorization
|
CVE-2026-41349
|
2026-04-29 23:40 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
104
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU
Reject synchronizing vCPU state to its associated VM…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31593
|
2026-04-29 23:29 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
105
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown
epf_ntb_epc_destroy() duplicates the teardown that the caller is
…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31594
|
2026-04-29 23:27 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
106
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup
Disable the delayed work before clearing BAR mappings a…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31595
|
2026-04-29 23:22 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
107
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: handle invalid dinode in ocfs2_group_extend
[BUG]
kernel BUG at fs/ocfs2/resize.c:308!
Oops: invalid opcode: 0000 [#1] SMP…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31596
|
2026-04-29 23:18 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
108
|
8.8 |
HIGH
Network
|
-
|
-
|
Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
New
|
CWE-416
Use After Free
|
CVE-2026-7361
|
2026-04-29 23:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
109
|
3.1 |
LOW
Network
|
-
|
-
|
Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-7360
|
2026-04-29 23:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
110
|
8.8 |
HIGH
Network
|
-
|
-
|
Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
New
|
CWE-416
Use After Free
|
CVE-2026-7355
|
2026-04-29 23:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
