|
1791
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS. This issue affects Post Expirator…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39482
|
2026-04-14 05:16 |
2026-04-8 |
|
1792
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using shell=true without…
|
CWE-78
OS Command
|
CVE-2026-35022
|
2026-04-14 05:16 |
2026-04-7 |
|
1793
|
7.8 |
HIGH
Local
|
-
|
-
|
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting ma…
|
CWE-78
OS Command
|
CVE-2026-35021
|
2026-04-14 05:16 |
2026-04-7 |
|
1794
|
8.4 |
HIGH
Local
|
-
|
-
|
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitr…
|
CWE-78
OS Command
|
CVE-2026-35020
|
2026-04-14 05:16 |
2026-04-7 |
|
1795
|
4.7 |
MEDIUM
Local
|
amd
|
athlon_x4_750_firmware athlon_x4_760k_firmware athlon_x4_830_firmware athlon_x4_840_firmware athlon_x4_860k_firmware athlon_x4_870k_firmware athlon_x4_880k_firmware athlon_x4_835…
|
When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure.
|
NVD-CWE-noinfo
|
CVE-2022-27672
|
2026-04-14 05:16 |
2023-03-1 |
|
1796
|
3.1 |
LOW
Network
|
libssh redhat
|
libssh enterprise_linux
|
A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listin…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-0968
|
2026-04-14 05:15 |
2026-03-27 |
|
1797
|
3.1 |
LOW
Network
|
libssh redhat
|
libssh enterprise_linux
|
A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an 'SSH…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-0968
|
2026-04-14 05:15 |
2026-03-27 |
|
1798
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped cl…
|
CWE-862
Missing Authorization
|
CVE-2026-35621
|
2026-04-14 05:14 |
2026-04-11 |
|
1799
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execut…
|
CWE-940
Improper Verification of Source of a Communication Channel
|
CVE-2026-35643
|
2026-04-14 04:59 |
2026-04-11 |
|
1800
|
6.5 |
MEDIUM
Network
|
linkwhisper
|
link_whisper
|
The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-1900
|
2026-04-14 04:52 |
2026-04-7 |
|