|
5221
|
7.1 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable …
|
CWE-184
CWE-918
Incomplete Blacklist
Server-Side Request Forgery (SSRF)
|
CVE-2026-41361
|
2026-04-29 23:08 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5222
|
3.3 |
LOW
Local
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leve…
|
CWE-214
Invocation of Process Using Visible Sensitive Information
|
CVE-2026-41357
|
2026-04-29 22:57 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5223
|
5.9 |
MEDIUM
Network
|
opentelemetry
|
opentelemetry
|
OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format (OTLP), if t…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-40182
|
2026-04-29 22:52 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5224
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence setti…
|
CWE-269
Improper Privilege Management
|
CVE-2026-41359
|
2026-04-29 22:44 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5225
|
6.5 |
MEDIUM
Network
|
-
|
-
|
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total leng…
|
CWE-130
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-5265
|
2026-04-29 22:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5226
|
9.8 |
CRITICAL
Network
|
apache
|
pony_mail
|
** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover.
This issue affects all …
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-41873
|
2026-04-29 22:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5227
|
2.7 |
LOW
Network
|
github
|
enterprise_server
|
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated b…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-3307
|
2026-04-29 21:47 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5228
|
8.8 |
HIGH
Network
|
github
|
enterprise_server
|
An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party …
|
CWE-185
Incorrect Regular Expression
|
CVE-2026-4296
|
2026-04-29 21:39 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5229
|
7.2 |
HIGH
Network
|
github
|
enterprise_server
|
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands…
|
CWE-78
OS Command
|
CVE-2026-4821
|
2026-04-29 21:36 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5230
|
4.3 |
MEDIUM
Network
|
github
|
enterprise_server
|
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobil…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-5512
|
2026-04-29 21:35 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
