| 1261 | 7.8 | HIGH | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate connector number in ucsi_notify_common(). The connector number extracted from CCI via UCSI_CCI_CONNECTO… | CWE-129 Improper Validation of Array Index | CVE-2026-31729 | 2026-05-8 01:02 | 2026-05-2 |
| 1262 | 8.1 | HIGH | Network | openclaw | openclaw | OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization c… | CWE-266 Incorrect Privilege Assignment | CVE-2026-43535 | 2026-05-8 01:01 | 2026-05-5 |
| 1263 | 8.8 | HIGH | Network | openclaw | openclaw | OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting up… | CWE-15 External Control of System or Configuration Setting | CVE-2026-43531 | 2026-05-8 00:59 | 2026-05-5 |
| 1264 | 8.8 | HIGH | Network | openclaw | openclaw | OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually… | CWE-863 Incorrect Authorization | CVE-2026-43530 | 2026-05-8 00:57 | 2026-05-5 |
| 1265 | 6.9 | MEDIUM | Network | - | - | Cross-Site Scripting (XSS) in V2Board thru 1.7.4. The custom_html field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can injec… | CWE-79 Cross-site Scripting | CVE-2026-37503 | 2026-05-8 00:53 | 2026-05-2 |
| 1266 | 5.3 | MEDIUM | Network | - | - | Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmissi… | CWE-598 Information Exposure Through Query Strings in GET Request | CVE-2026-37504 | 2026-05-8 00:53 | 2026-05-2 |
| 1267 | 4.9 | MEDIUM | Network | - | - | SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) wit… | CWE-89 SQL Injection | CVE-2026-37505 | 2026-05-8 00:53 | 2026-05-2 |
| 1268 | 8.4 | HIGH | Local | - | - | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives data from a TCP socket, passes it directly to Opis\Closure\unserialize(),… | CWE-502 Deserialization of Untrusted Data | CVE-2026-37552 | 2026-05-8 00:53 | 2026-05-2 |
| 1269 | 6.5 | MEDIUM | Network | - | - | SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `on` array to the joinOn function in BuildHelper.php. | CWE-89 SQL Injection | CVE-2026-42475 | 2026-05-8 00:53 | 2026-05-2 |
| 1270 | 5.5 | MEDIUM | Local | - | - | A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted … | CWE-125 Out-of-bounds Read | CVE-2026-42480 | 2026-05-8 00:53 | 2026-05-2 |