| 2511 | 7.3 | HIGH Network | - | - | A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advanc… | - | CVE-2026-5172 | 2026-05-13 23:17 | 2026-05-12 |
| 2512 | 9.6 | CRITICAL Network | electerm_project | electerm | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links… | CWE-20 Improper Input Validation; CWE-94 Code Injection; CWE-829 Inclusion of Functionality from Untrusted Control Sphere | CVE-2026-43944 | 2026-05-13 23:17 | 2026-05-8 |
| 2513 | 5.3 | MEDIUM Local | wellbia | xigncode3 | Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to request a PROCESS_ALL_ACCESS. Cr… | NVD-CWE-noinfo | CVE-2026-3609 | 2026-05-13 23:17 | 2026-05-12 |
| 2514 | 7.3 | HIGH Network | - | - | dnsmasq's extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-co… | - | CVE-2026-2291 | 2026-05-13 23:17 | 2026-05-12 |
| 2515 | 7.3 | HIGH Network | - | - | Alien::FreeImage versions through 1.001 for Perl contain several vulnerable libraries. Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities s… | - | CVE-2022-4988 | 2026-05-13 23:16 | 2026-05-12 |
| 2516 | 8.8 | HIGH Network | openclaw | openclaw | OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration… | CWE-184 Incomplete Blacklist | CVE-2026-45006 | 2026-05-13 23:14 | 2026-05-12 |
| 2517 | 6.0 | MEDIUM Network | openclaw | openclaw | OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook r… | CWE-672 Operation on a Resource after Expiration or Release | CVE-2026-45005 | 2026-05-13 23:14 | 2026-05-12 |
| 2518 | 7.8 | HIGH Local | openclaw | openclaw | OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd() during provider setup metadata resolution.… | CWE-427 Uncontrolled Search Path Element | CVE-2026-45004 | 2026-05-13 23:13 | 2026-05-12 |
| 2519 | 5.0 | MEDIUM Local | openclaw | openclaw | OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime… | CWE-441 Confused Deputy | CVE-2026-45003 | 2026-05-13 23:13 | 2026-05-12 |
| 2520 | 5.3 | MEDIUM Network | openclaw | openclaw | OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally inf… | CWE-863 Incorrect Authorization | CVE-2026-45002 | 2026-05-13 23:13 | 2026-05-12 |