|
3861
|
7.3 |
HIGH
Local
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace con…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-44995
|
2026-05-13 23:11 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3862
|
5.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitive configuration fields. Att…
|
CWE-862
Missing Authorization
|
CVE-2026-44994
|
2026-05-13 23:11 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3863
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enfo…
|
CWE-184
Incomplete Blacklist
|
CVE-2026-44993
|
2026-05-13 23:11 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3864
|
5.0 |
MEDIUM
Local
|
openclaw
|
openclaw
|
OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX_API_HOST. Attackers can redirect credentialed MiniMax…
|
CWE-441
Confused Deputy
|
CVE-2026-44992
|
2026-05-13 23:10 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3865
|
4.2 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are co…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44991
|
2026-05-13 23:10 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3866
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
|
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5.…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-28940
|
2026-05-13 23:08 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3867
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
|
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-28952
|
2026-05-13 23:08 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3868
|
6.5 |
MEDIUM
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, vision…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2026-28956
|
2026-05-13 23:08 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3869
|
4.9 |
MEDIUM
Network
|
apple
|
ipados
iphone_os
|
A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4. An attacker in a privileged network position may…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-28967
|
2026-05-13 23:08 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3870
|
6.5 |
MEDIUM
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, ma…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-28972
|
2026-05-13 23:08 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
