|
5911
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group too…
|
CWE-862
Missing Authorization
|
CVE-2026-43583
|
2026-05-8 04:36 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5912
|
6.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attacker…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-43582
|
2026-05-8 04:35 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5913
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
PM: EM: Fix NULL pointer dereference when perf domain ID is not found
dev_energymodel_nl_get_perf_domains_doit() calls
em_perf_do…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31744
|
2026-05-8 04:33 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5914
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
reset: gpio: fix double free in reset_add_gpio_aux_device() error path
When __auxiliary_device_add() fails, reset_add_gpio_aux_de…
|
CWE-415
Double Free
|
CVE-2026-31745
|
2026-05-8 04:31 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5915
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
s390/zcrypt: Fix memory leak with CCA cards used as accelerator
Tests showed that there is a memory leak if CCA cards are used as…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31746
|
2026-05-8 04:29 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5916
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
comedi: me4000: Fix potential overrun of firmware buffer
`me4000_xilinx_download()` loads the firmware that was requested by
`req…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31747
|
2026-05-8 04:26 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5917
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
comedi: me_daq: Fix potential overrun of firmware buffer
`me2600_xilinx_download()` loads the firmware that was requested by
`req…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31748
|
2026-05-8 04:24 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5918
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
comedi: ni_atmio16d: Fix invalid clean-up after failed attach
If the driver's COMEDI "attach" handler function (`atmio16d_attach(…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31749
|
2026-05-8 04:18 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5919
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenS…
|
CWE-248
Uncaught Exception
|
CVE-2026-37554
|
2026-05-8 04:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5920
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
comedi: runflags cannot determine whether to reclaim chanlist
syzbot reported a memory leak [1], because commit 4e1da516debb ("co…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31750
|
2026-05-8 04:13 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
