|
531
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same mess…
Update
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2026-41402
|
2026-05-1 02:27 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
532
|
7.5 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-s…
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41400
|
2026-05-1 02:27 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
533
|
- |
|
-
|
-
|
Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.…
New
|
CWE-611
XXE
|
CVE-2025-14543
|
2026-05-1 02:20 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
534
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.
This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from…
New
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-4670
|
2026-05-1 02:20 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
535
|
7.7 |
HIGH
Network
|
-
|
-
|
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.
This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before …
New
|
CWE-20
Improper Input Validation
|
CVE-2026-5174
|
2026-05-1 02:20 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
536
|
7.5 |
HIGH
Network
|
-
|
-
|
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-51846
|
2026-05-1 02:20 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
537
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and in…
New
|
CWE-78
OS Command
|
CVE-2025-71284
|
2026-05-1 02:20 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
538
|
7.5 |
HIGH
Network
|
-
|
-
|
Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers t…
New
|
CWE-22
Path Traversal
|
CVE-2022-50992
|
2026-05-1 02:19 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
539
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicio…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2022-50993
|
2026-05-1 02:19 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
540
|
8.8 |
HIGH
Network
|
-
|
-
|
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-36960
|
2026-05-1 02:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
