| 611 | 8.8 HIGH | Network | - | - | GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by … | New | CWE-78 OS Command | CVE-2026-42215 | 2026-05-8 04:49 | 2026-05-8 |
| 612 | 8.8 HIGH | Local | sandboxie-plus | sandboxie | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration re… | New | CWE-93 CRLF Injection | CVE-2026-34458 | 2026-05-8 04:48 | 2026-05-6 |
| 613 | 7.3 HIGH | Network | - | - | A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results i… | New | CWE-74 CWE-89 Injection SQL Injection | CVE-2026-8083 | 2026-05-8 04:48 | 2026-05-8 |
| 614 | 3.3 LOW | Local | - | - | A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This… | New | CWE-119 CWE-125 Incorrect Access of Indexable Resource ('Range Error') Out-of-bounds Read | CVE-2026-8084 | 2026-05-8 04:48 | 2026-05-8 |
| 615 | 8.8 HIGH | Local | sandboxie-plus | sandboxie | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilit… | New | CWE-121 Stack-based Buffer Overflow | CVE-2026-34459 | 2026-05-8 04:48 | 2026-05-6 |
| 616 | 7.0 HIGH | Local | sandboxie-plus | sandboxie | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation.… | New | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-34596 | 2026-05-8 04:45 | 2026-05-6 |
| 617 | 6.3 MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attacker… | New | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-44112 | 2026-05-8 04:42 | 2026-05-7 |
| 618 | 4.3 MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with… | New | CWE-183 Permissive List of Allowed Inputs | CVE-2026-44111 | 2026-05-8 04:42 | 2026-05-7 |
| 619 | 8.8 HIGH | Network | openclaw | openclaw | OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can exe… | New | CWE-863 Incorrect Authorization | CVE-2026-44110 | 2026-05-8 04:41 | 2026-05-7 |
| 620 | 9.8 CRITICAL | Network | openclaw | openclaw | OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptK… | New | CWE-1188 Insecure Default Initialization of Resource | CVE-2026-44109 | 2026-05-8 04:40 | 2026-05-7 |