| 131 | 5.4 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing… | Update | CWE-613 Insufficient Session Expiration | CVE-2026-41356 | 2026-04-29 23:08 | 2026-04-24 |
| 132 | 7.1 | HIGH | Network | openclaw | openclaw | OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable … | Update | CWE-184 Incomplete Blacklist; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-41361 | 2026-04-29 23:08 | 2026-04-24 |
| 133 | 3.3 | LOW | Local | openclaw | openclaw | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leve… | Update | CWE-214 Invocation of Process Using Visible Sensitive Information | CVE-2026-41357 | 2026-04-29 22:57 | 2026-04-24 |
| 134 | 5.9 | MEDIUM | Network | opentelemetry | opentelemetry | OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format (OTLP), if t… | Update | CWE-789 Memory Allocation with Excessive Size Value | CVE-2026-40182 | 2026-04-29 22:52 | 2026-04-24 |
| 135 | 8.8 | HIGH | Network | openclaw | openclaw | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence setti… | Update | CWE-269 Improper Privilege Management | CVE-2026-41359 | 2026-04-29 22:44 | 2026-04-24 |
| 136 | 8.8 | HIGH | Network | - | - | Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security s… | New | CWE-416 Use After Free | CVE-2026-7363 | 2026-04-29 22:16 | 2026-04-29 |
| 137 | 8.3 | HIGH | Network | - | - | Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… | New | CWE-416 Use After Free | CVE-2026-7352 | 2026-04-29 22:16 | 2026-04-29 |
| 138 | 8.3 | HIGH | Network | - | - | Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. … | New | CWE-416 Use After Free | CVE-2026-7350 | 2026-04-29 22:16 | 2026-04-29 |
| 139 | 8.1 | HIGH | Network | - | - | Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High) | New | CWE-416 Use After Free | CVE-2026-7347 | 2026-04-29 22:16 | 2026-04-29 |
| 140 | 8.1 | HIGH | Network | - | - | Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Hi… | New | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2026-7346 | 2026-04-29 22:16 | 2026-04-29 |