| # | CVSS | Severity | Vector | Vendor | Product | Description | CWE | CVE | Last modified | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 771 | 6.5 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root … | CWE-346 Origin Validation Error | CVE-2026-41376 | 2026-05-2 00:50 | 2026-04-29 |
| 772 | 6.5 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels… | CWE-863 Incorrect Authorization | CVE-2026-41375 | 2026-05-2 00:47 | 2026-04-29 |
| 773 | 6.1 | MEDIUM | Local | openclaw | openclaw | OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGO_BUI… | CWE-427 Uncontrolled Search Path Element | CVE-2026-41373 | 2026-05-2 00:46 | 2026-04-29 |
| 774 | - | - | - | - | - | JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APR… | CWE-121 Stack-based Buffer Overflow | CVE-2026-42996 | 2026-05-2 00:37 | 2026-05-1 |
| 775 | 4.8 | MEDIUM | Network | - | - | In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data process… | CWE-909 Missing Initialization of Resource | CVE-2026-40687 | 2026-05-2 00:33 | 2026-05-1 |
| 776 | 6.5 | MEDIUM | Network | - | - | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any … | CWE-306 Missing Authentication for Critical Function | CVE-2026-35514 | 2026-05-2 00:31 | 2026-05-1 |
| 777 | 7.5 | HIGH | Network | - | - | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export ro… | CWE-284 Improper Access Control | CVE-2026-40595 | 2026-05-2 00:31 | 2026-05-1 |
| 778 | 8.1 | HIGH | Network | - | - | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to on… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-40600 | 2026-05-2 00:31 | 2026-05-1 |
| 779 | 7.5 | HIGH | Network | - | - | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart_id/query with… | CWE-862 Missing Authorization | CVE-2026-40601 | 2026-05-2 00:31 | 2026-05-1 |
| 780 | 6.5 | MEDIUM | Network | - | - | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that return… | CWE-284 Improper Access Control | CVE-2026-40603 | 2026-05-2 00:31 | 2026-05-1 |