|
4741
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup
Disable the delayed work before clearing BAR mappings a…
|
NVD-CWE-noinfo
|
CVE-2026-31595
|
2026-04-29 23:22 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4742
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: handle invalid dinode in ocfs2_group_extend
[BUG]
kernel BUG at fs/ocfs2/resize.c:308!
Oops: invalid opcode: 0000 [#1] SMP…
|
NVD-CWE-noinfo
|
CVE-2026-31596
|
2026-04-29 23:18 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4743
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerabi…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34003
|
2026-04-29 23:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4744
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to…
|
CWE-825
Expired Pointer Dereference
|
CVE-2026-34001
|
2026-04-29 23:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4745
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger …
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-33999
|
2026-04-29 23:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4746
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
filemap_fault() may drop the mmap_lock before returning VM_FAULT_R…
|
CWE-416
Use After Free
|
CVE-2026-31597
|
2026-04-29 23:15 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4747
|
5.3 |
MEDIUM
Adjacent
|
opentelemetry
|
opentelemetry
|
OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry over gRPC using the OpenTelemetry Protocol (OTLP), the exporter may parse a server-provide…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-40891
|
2026-04-29 23:15 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4748
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-41356
|
2026-04-29 23:08 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4749
|
7.1 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable …
|
CWE-184
CWE-918
Incomplete Blacklist
Server-Side Request Forgery (SSRF)
|
CVE-2026-41361
|
2026-04-29 23:08 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4750
|
3.3 |
LOW
Local
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leve…
|
CWE-214
Invocation of Process Using Visible Sensitive Information
|
CVE-2026-41357
|
2026-04-29 22:57 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
