|
961
|
5.8 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image U…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44117
|
2026-05-8 02:07 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
962
|
7.8 |
HIGH
Local
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-…
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-44118
|
2026-05-8 02:07 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
963
|
6.5 |
MEDIUM
Network
|
linuxcontainers
|
incus
|
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage …
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-40195
|
2026-05-8 02:07 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
964
|
6.5 |
MEDIUM
Network
|
linuxcontainers
|
incus
|
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage …
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-40197
|
2026-05-8 02:06 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
965
|
6.5 |
MEDIUM
Network
|
linuxcontainers
|
incus
|
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage …
New
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-40251
|
2026-05-8 02:06 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
966
|
5.0 |
MEDIUM
Network
|
linuxcontainers
|
incus
|
Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request a…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-35527
|
2026-05-8 02:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
967
|
8.3 |
HIGH
Network
|
hcltech
|
bigfix_service_management
|
HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing in…
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-30151
|
2026-05-8 02:06 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
968
|
5.3 |
MEDIUM
Network
|
hcltech
|
bigfix_service_management
|
HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2025-31960
|
2026-05-8 02:05 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
969
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds write in Media in Google Chrome on Mac, iOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a cr…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-7957
|
2026-05-8 02:04 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
970
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration witho…
New
|
CWE-862
Missing Authorization
|
CVE-2026-43579
|
2026-05-8 02:04 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
