|
531
|
6.7 |
MEDIUM
Local
|
-
|
-
|
OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scri…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-41360
|
2026-04-24 23:40 |
2026-04-24 |
|
532
|
7.1 |
HIGH
Network
|
-
|
-
|
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable …
New
|
CWE-184
Incomplete Blacklist
|
CVE-2026-41361
|
2026-04-24 23:40 |
2026-04-24 |
|
533
|
4.3 |
MEDIUM
Network
|
dnnsoftware
|
dotnetnuke
|
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user cou…
Update
|
CWE-285
Improper Authorization
|
CVE-2026-40305
|
2026-04-24 23:40 |
2026-04-18 |
|
534
|
7.5 |
HIGH
Network
|
-
|
-
|
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, iden…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-35064
|
2026-04-24 23:40 |
2026-04-24 |
|
535
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rath…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-35503
|
2026-04-24 23:40 |
2026-04-24 |
|
536
|
8.1 |
HIGH
Network
|
-
|
-
|
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device…
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-39462
|
2026-04-24 23:40 |
2026-04-24 |
|
537
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication…
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-40431
|
2026-04-24 23:40 |
2026-04-24 |
|
538
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config appli…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-40620
|
2026-04-24 23:40 |
2026-04-24 |
|
539
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network acc…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-40630
|
2026-04-24 23:40 |
2026-04-24 |
|
540
|
8.1 |
HIGH
Network
|
-
|
-
|
A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inad…
New
|
CWE-862
Missing Authorization
|
CVE-2026-40623
|
2026-04-24 23:40 |
2026-04-24 |