|
381
|
6.5 |
MEDIUM
Network
|
-
|
-
|
NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Improper Input Validation by path traversing. A successful exploit of this vulnerability may lead to information disclosure.
New
|
CWE-20
Improper Input Validation
|
CVE-2026-24204
|
2026-04-29 05:10 |
2026-04-29 |
|
382
|
8.6 |
HIGH
Network
|
-
|
-
|
NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that cause…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-24222
|
2026-04-29 05:10 |
2026-04-29 |
|
383
|
6.3 |
MEDIUM
Local
|
-
|
-
|
NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL refere…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-24231
|
2026-04-29 05:10 |
2026-04-29 |
|
384
|
9.4 |
CRITICAL
Network
|
-
|
-
|
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needi…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-3893
|
2026-04-29 05:10 |
2026-04-29 |
|
385
|
6.1 |
MEDIUM
Local
|
-
|
-
|
OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGO_BUI…
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-41373
|
2026-04-29 05:10 |
2026-04-29 |
|
386
|
5.3 |
MEDIUM
Network
|
-
|
-
|
OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger …
New
|
CWE-408
Incorrect Behavior Order: Early Amplification
|
CVE-2026-41374
|
2026-04-29 05:10 |
2026-04-29 |
|
387
|
6.5 |
MEDIUM
Network
|
-
|
-
|
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-41375
|
2026-04-29 05:10 |
2026-04-29 |
|
388
|
5.4 |
MEDIUM
Network
|
-
|
-
|
OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root …
New
|
CWE-346
Origin Validation Error
|
CVE-2026-41376
|
2026-04-29 05:10 |
2026-04-29 |
|
389
|
4.6 |
MEDIUM
Network
|
-
|
-
|
OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install unt…
New
|
CWE-636
Not Failing Securely ('Failing Open')
|
CVE-2026-41377
|
2026-04-29 05:10 |
2026-04-29 |
|
390
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attacker…
New
|
CWE-862
Missing Authorization
|
CVE-2026-41378
|
2026-04-29 05:10 |
2026-04-29 |