|
1941
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped cl…
|
CWE-862
Missing Authorization
|
CVE-2026-35621
|
2026-04-14 05:14 |
2026-04-11 |
|
|
|
|
1942
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execut…
|
CWE-940
Improper Verification of Source of a Communication Channel
|
CVE-2026-35643
|
2026-04-14 04:59 |
2026-04-11 |
|
|
|
|
1943
|
6.5 |
MEDIUM
Network
|
linkwhisper
|
link_whisper
|
The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-1900
|
2026-04-14 04:52 |
2026-04-7 |
|
|
|
|
1944
|
6.3 |
MEDIUM
Adjacent
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can e…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-35659
|
2026-04-14 04:21 |
2026-04-11 |
|
|
|
|
1945
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go cau…
|
CWE-119, CWE-121
Incorrect Access of Indexable Resource ('Range Error'); Stack-based Buffer Overflow
|
CVE-2026-6200
|
2026-04-14 04:16 |
2026-04-14 |
|
|
|
|
1946
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. …
|
CWE-119, CWE-121
Incorrect Access of Indexable Resource ('Range Error'); Stack-based Buffer Overflow
|
CVE-2026-6199
|
2026-04-14 04:16 |
2026-04-14 |
|
|
|
|
1947
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-b…
|
CWE-119, CWE-121
Incorrect Access of Indexable Resource ('Range Error'); Stack-based Buffer Overflow
|
CVE-2026-6198
|
2026-04-14 04:16 |
2026-04-14 |
|
|
|
|
1948
|
7.2 |
HIGH
Network
|
-
|
-
|
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.
|
CWE-176
Improper Handling of Unicode Encoding
|
CVE-2026-4116
|
2026-04-14 04:16 |
2026-04-10 |
|
|
|
|
1949
|
7.2 |
HIGH
Network
|
-
|
-
|
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
|
CWE-204
Response Discrepancy Information Exposure
|
CVE-2026-4113
|
2026-04-14 04:16 |
2026-04-10 |
|
|
|
|
1950
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a mali…
|
CWE-400, CWE-662
Uncontrolled Resource Consumption; Improper Synchronization
|
CVE-2026-39865
|
2026-04-14 04:16 |
2026-04-9 |
|
|
|