|
71
|
- |
|
-
|
-
|
Netskope was notified about a potential gap in the Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to tri…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-2810
|
2026-04-30 01:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
72
|
3.3 |
LOW
Local
|
uutils
|
coreutils
|
A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space char…
Update
|
CWE-684
Incorrect Provision of Specified Functionality
|
CVE-2026-35379
|
2026-04-30 00:59 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
73
|
5.5 |
MEDIUM
Local
|
uutils
|
coreutils
|
A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' (two single quotes) as an empty delimiter. The implementation mistakenl…
Update
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-35380
|
2026-04-30 00:57 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
74
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-component…
Update
|
CWE-351
Insufficient Type Distinction
|
CVE-2026-41341
|
2026-04-30 00:56 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
75
|
8.1 |
HIGH
Adjacent
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Att…
Update
|
CWE-346
Origin Validation Error
|
CVE-2026-41342
|
2026-04-30 00:55 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
76
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attack…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-41344
|
2026-04-30 00:52 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
77
|
10.0 |
CRITICAL
Network
|
voidzero
|
vite\+
|
Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts an untrusted `version` string and uses it directly in filesystem paths. A…
Update
|
CWE-22
Path Traversal
|
CVE-2026-41211
|
2026-04-30 00:49 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
78
|
7.8 |
HIGH
Local
|
parzivalhack
|
pyspector
|
PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to preve…
Update
|
CWE-184
Incomplete Blacklist
|
CVE-2026-41206
|
2026-04-30 00:48 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
79
|
5.4 |
MEDIUM
Network
|
siemvk
|
openlearn
|
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode` is enabled, unapproved forum posts are hidden from the public list, but …
Update
|
CWE-284
Improper Access Control
|
CVE-2026-41243
|
2026-04-30 00:39 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
80
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
can: raw: fix ro->uniq use-after-free in raw_rcv()
raw_release() unregisters raw CAN receive filters via can_rx_unregister(),
but…
Update
|
CWE-416
Use After Free
|
CVE-2026-31532
|
2026-04-30 00:26 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
