| 501 | 10.0 | CRITICAL | Network | - | - | Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network. | New | CWE-502: Deserialization of Untrusted Data | CVE-2026-33819 | 2026-04-24 23:41 | 2026-04-24 |
| 502 | 10.0 | CRITICAL | Network | - | - | Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. | New | CWE-918: Server-Side Request Forgery | CVE-2026-35431 | 2026-04-24 23:41 | 2026-04-24 |
| 503 | 5.3 | MEDIUM | Local | - | - | OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit appro… | New | CWE-184: Incomplete Blacklist | CVE-2026-41332 | 2026-04-24 23:40 | 2026-04-24 |
| 504 | 3.7 | LOW | Network | - | - | OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can e… | New | CWE-799: Improper Control of Interaction Frequency | CVE-2026-41333 | 2026-04-24 23:40 | 2026-04-24 |
| 505 | 6.5 | MEDIUM | Network | - | - | OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized … | New | CWE-636: Not Failing Securely | CVE-2026-41334 | 2026-04-24 23:40 | 2026-04-24 |
| 506 | 5.3 | MEDIUM | Network | - | - | OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitiv… | New | CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere | CVE-2026-41335 | 2026-04-24 23:40 | 2026-04-24 |
| 507 | 7.8 | HIGH | Local | - | - | OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted… | New | CWE-829: Inclusion of Functionality from Untrusted Control Sphere | CVE-2026-41336 | 2026-04-24 23:40 | 2026-04-24 |
| 508 | 5.3 | MEDIUM | Network | - | - | OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers wi… | New | CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-41337 | 2026-04-24 23:40 | 2026-04-24 |
| 509 | 5.0 | MEDIUM | Local | - | - | OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act pattern… | New | CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-41338 | 2026-04-24 23:40 | 2026-04-24 |
| 510 | 4.3 | MEDIUM | Network | - | - | OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths… | New | CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere | CVE-2026-41339 | 2026-04-24 23:40 | 2026-04-24 |
| 511 | 6.5 | MEDIUM | Network | - | - | OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly fans default-account trust into all named accounts. Attackers can exp… | New | CWE-372: Incomplete Internal State Distinction | CVE-2026-41340 | 2026-04-24 23:40 | 2026-04-24 |
| 512 | 5.4 | MEDIUM | Network | - | - | OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-component… | New | CWE-351: Insufficient Type Distinction | CVE-2026-41341 | 2026-04-24 23:40 | 2026-04-24 |
| 513 | 7.3 | HIGH | Adjacent | - | - | OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Att… | New | CWE-346: Origin Validation Error | CVE-2026-41342 | 2026-04-24 23:40 | 2026-04-24 |
| 514 | 5.3 | MEDIUM | Network | - | - | OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook e… | New | CWE-799: Improper Control of Interaction Frequency | CVE-2026-41343 | 2026-04-24 23:40 | 2026-04-24 |
| 515 | 5.4 | MEDIUM | Network | - | - | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attack… | New | CWE-863: Incorrect Authorization | CVE-2026-41344 | 2026-04-24 23:40 | 2026-04-24 |
| 516 | 5.3 | MEDIUM | Network | - | - | OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by… | New | CWE-522: Insufficiently Protected Credentials | CVE-2026-41345 | 2026-04-24 23:40 | 2026-04-24 |
| 517 | 5.3 | MEDIUM | Network | - | - | OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to exhaust the shared pending window. Remote attackers can submit… | New | CWE-799: Improper Control of Interaction Frequency | CVE-2026-41346 | 2026-04-24 23:40 | 2026-04-24 |
| 518 | 7.1 | HIGH | Network | - | - | OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by s… | New | CWE-352: Origin Validation Error | CVE-2026-41347 | 2026-04-24 23:40 | 2026-04-24 |
| 519 | 5.4 | MEDIUM | Network | - | - | OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Disco… | New | CWE-863: Incorrect Authorization | CVE-2026-41348 | 2026-04-24 23:40 | 2026-04-24 |
| 520 | 8.8 | HIGH | Network | - | - | OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to … | New | CWE-862: Missing Authorization | CVE-2026-41349 | 2026-04-24 23:40 | 2026-04-24 |
| 521 | 4.3 | MEDIUM | Network | - | - | OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session_status function fails to enforce configured tools.sessions.visibility restrictions for unsandboxed invoc… | New | CWE-863: Incorrect Authorization | CVE-2026-41350 | 2026-04-24 23:40 | 2026-04-24 |
| 522 | 5.3 | MEDIUM | Network | - | - | OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-enc… | New | CWE-294: Authentication Bypass by Capture-replay | CVE-2026-41351 | 2026-04-24 23:40 | 2026-04-24 |
| 523 | 8.8 | HIGH | Network | - | - | OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials … | New | CWE-862: Missing Authorization | CVE-2026-41352 | 2026-04-24 23:40 | 2026-04-24 |
| 524 | 8.1 | HIGH | Network | - | - | OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and… | New | CWE-472: External Control of Assumed-Immutable Web Parameter | CVE-2026-41353 | 2026-04-24 23:40 | 2026-04-24 |
| 525 | 3.7 | LOW | Network | - | - | OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitimate events from different conversations or senders to collide. Attackers ca… | New | CWE-706: Use of Incorrectly-Resolved Name or Reference | CVE-2026-41354 | 2026-04-24 23:40 | 2026-04-24 |
| 526 | 7.3 | HIGH | Local | - | - | OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute … | New | CWE-829: Inclusion of Functionality from Untrusted Control Sphere | CVE-2026-41355 | 2026-04-24 23:40 | 2026-04-24 |
| 527 | 5.4 | MEDIUM | Network | - | - | OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing… | New | CWE-613: Insufficient Session Expiration | CVE-2026-41356 | 2026-04-24 23:40 | 2026-04-24 |
| 528 | 3.3 | LOW | Local | - | - | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leve… | New | CWE-214: Invocation of Process Using Visible Sensitive Information | CVE-2026-41357 | 2026-04-24 23:40 | 2026-04-24 |
| 529 | 5.4 | MEDIUM | Network | - | - | OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages through … | New | CWE-346: Origin Validation Error | CVE-2026-41358 | 2026-04-24 23:40 | 2026-04-24 |
| 530 | 7.1 | HIGH | Network | - | - | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence setti… | New | CWE-269: Improper Privilege Management | CVE-2026-41359 | 2026-04-24 23:40 | 2026-04-24 |
| 531 | 6.7 | MEDIUM | Local | - | - | OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scri… | New | CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-41360 | 2026-04-24 23:40 | 2026-04-24 |
| 532 | 7.1 | HIGH | Network | - | - | OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable … | New | CWE-184: Incomplete Blacklist | CVE-2026-41361 | 2026-04-24 23:40 | 2026-04-24 |
| 533 | 4.3 | MEDIUM | Network | dnnsoftware | dotnetnuke | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user cou… | Update | CWE-285: Improper Authorization | CVE-2026-40305 | 2026-04-24 23:40 | 2026-04-18 |
| 534 | 7.5 | HIGH | Network | - | - | A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, iden… | New | CWE-306: Missing Authentication for Critical Function | CVE-2026-35064 | 2026-04-24 23:40 | 2026-04-24 |
| 535 | 9.8 | CRITICAL | Network | - | - | A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rath… | New | CWE-798: Use of Hard-coded Credentials | CVE-2026-35503 | 2026-04-24 23:40 | 2026-04-24 |
| 536 | 8.1 | HIGH | Network | - | - | A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device… | New | CWE-522: Insufficiently Protected Credentials | CVE-2026-39462 | 2026-04-24 23:40 | 2026-04-24 |
| 537 | 5.3 | MEDIUM | Network | - | - | A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication… | New | CWE-319: Cleartext Transmission of Sensitive Information | CVE-2026-40431 | 2026-04-24 23:40 | 2026-04-24 |
| 538 | 9.8 | CRITICAL | Network | - | - | A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config appli… | New | CWE-306: Missing Authentication for Critical Function | CVE-2026-40620 | 2026-04-24 23:40 | 2026-04-24 |
| 539 | 9.8 | CRITICAL | Network | - | - | A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network acc… | New | CWE-288: Authentication Bypass Using an Alternate Path or Channel | CVE-2026-40630 | 2026-04-24 23:40 | 2026-04-24 |
| 540 | 8.1 | HIGH | Network | - | - | A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inad… | New | CWE-862: Missing Authorization | CVE-2026-40623 | 2026-04-24 23:40 | 2026-04-24 |
| 541 | 6.5 | MEDIUM | Adjacent | - | - | A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An att… | New | CWE-843: Type Confusion | CVE-2026-6732 | 2026-04-24 23:39 | 2026-04-24 |
| 542 | 4.9 | MEDIUM | Network | - | - | A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device via crafted requests, affecting certain production printers a… | New | CWE-807: Reliance on Untrusted Inputs in a Security Decision | CVE-2026-1789 | 2026-04-24 23:39 | 2026-04-24 |
| 543 | 5.4 | MEDIUM | Network | - | - | A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requi… | New | CWE-613: Insufficient Session Expiration | CVE-2026-25720 | 2026-04-24 23:39 | 2026-04-24 |
| 544 | 9.8 | CRITICAL | Network | - | - | A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-re… | New | CWE-306: Missing Authentication for Critical Function | CVE-2026-25775 | 2026-04-24 23:39 | 2026-04-24 |
| 545 | 8.1 | HIGH | Network | - | - | A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application do… | New | CWE-352: Origin Validation Error | CVE-2026-27841 | 2026-04-24 23:39 | 2026-04-24 |
| 546 | 9.1 | CRITICAL | Network | - | - | A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By apply… | New | CWE-306: Missing Authentication for Critical Function | CVE-2026-27843 | 2026-04-24 23:39 | 2026-04-24 |
| 547 | 7.5 | HIGH | Network | - | - | DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-f… | New | CWE-307: Improper Restriction of Excessive Authentication Attempts | CVE-2026-6947 | 2026-04-24 23:39 | 2026-04-24 |
| 548 | 9.8 | CRITICAL | Network | - | - | Delta Electronics AS320T has an incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service. | New | CWE-131: Incorrect Calculation of Buffer Size | CVE-2026-1949 | 2026-04-24 23:39 | 2026-04-24 |
| 549 | 9.8 | CRITICAL | Network | - | - | Delta Electronics AS320T has a vulnerability in which the length of the buffer with the file name is not checked. | New | CWE-121: Stack-based Buffer Overflow | CVE-2026-1950 | 2026-04-24 23:39 | 2026-04-24 |
| 550 | 9.8 | CRITICAL | Network | - | - | Delta Electronics AS320T has a vulnerability in which the length of the buffer with the directory name is not checked. | New | CWE-121: Stack-based Buffer Overflow | CVE-2026-1951 | 2026-04-24 23:39 | 2026-04-24 |