|
5801
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-component…
|
CWE-351
Insufficient Type Distinction
|
CVE-2026-41341
|
2026-04-30 00:56 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5802
|
8.1 |
HIGH
Adjacent
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Att…
|
CWE-346
Origin Validation Error
|
CVE-2026-41342
|
2026-04-30 00:55 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5803
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attack…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41344
|
2026-04-30 00:52 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5804
|
10.0 |
CRITICAL
Network
|
voidzero
|
vite\+
|
Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts an untrusted `version` string and uses it directly in filesystem paths. A…
|
CWE-22
Path Traversal
|
CVE-2026-41211
|
2026-04-30 00:49 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5805
|
7.8 |
HIGH
Local
|
parzivalhack
|
pyspector
|
PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to preve…
|
CWE-184
Incomplete Blacklist
|
CVE-2026-41206
|
2026-04-30 00:48 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5806
|
5.4 |
MEDIUM
Network
|
siemvk
|
openlearn
|
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode` is enabled, unapproved forum posts are hidden from the public list, but …
|
CWE-284
Improper Access Control
|
CVE-2026-41243
|
2026-04-30 00:39 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5807
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
can: raw: fix ro->uniq use-after-free in raw_rcv()
raw_release() unregisters raw CAN receive filters via can_rx_unregister(),
but…
|
CWE-416
Use After Free
|
CVE-2026-31532
|
2026-04-30 00:26 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5808
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_se…
|
CWE-22
Path Traversal
|
CVE-2026-7384
|
2026-04-30 00:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5809
|
- |
|
-
|
-
|
TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function.
|
-
|
CVE-2026-36841
|
2026-04-30 00:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5810
|
9.8 |
CRITICAL
Network
|
pipecat
|
pipecat
|
Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` – an opti…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-62373
|
2026-04-30 00:00 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
