| 521 | 8.1 | HIGH | Network | freebsd | freebsd | When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocat… | CWE-122 Heap-based Buffer Overflow; CWE-130 Improper Handling of Length Parameter Inconsistency | CVE-2026-35547 | 2026-05-2 01:16 | 2026-04-30 |
| 522 | - | | | - | - | Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could b… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2026-22167 | 2026-05-2 01:16 | 2026-05-2 |
| 523 | - | | | - | - | A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the pro… | CWE-416 Use After Free | CVE-2026-22165 | 2026-05-2 01:16 | 2026-05-2 |
| 524 | 7.7 | HIGH | Network | getoutline | outline | Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference. When… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-41649 | 2026-05-2 00:54 | 2026-04-29 |
| 525 | 9.8 | CRITICAL | Network | openclaw | openclaw | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during… | CWE-648 Incorrect Use of Privileged APIs | CVE-2026-41386 | 2026-05-2 00:52 | 2026-04-29 |
| 526 | 6.5 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in configuration, allowing exposure through config.get method calls that bypass redaction mechanisms. Attackers can retrieve unredacted … | CWE-312 Cleartext Storage of Sensitive Information | CVE-2026-41385 | 2026-05-2 00:52 | 2026-04-29 |
| 527 | 7.8 | HIGH | Local | openclaw | openclaw | OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configur… | CWE-15 External Control of System or Configuration Setting | CVE-2026-41384 | 2026-05-2 00:52 | 2026-04-29 |
| 528 | 8.1 | HIGH | Network | openclaw | openclaw | OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWork… | CWE-22 Path Traversal | CVE-2026-41383 | 2026-05-2 00:52 | 2026-04-29 |
| 529 | 5.4 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stal… | CWE-862 Missing Authorization | CVE-2026-41382 | 2026-05-2 00:51 | 2026-04-29 |
| 530 | 5.4 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers ca… | CWE-863 Incorrect Authorization | CVE-2026-41381 | 2026-05-2 00:51 | 2026-04-29 |