| 731 | - | | - | - | Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component _isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an au… | New | - | CVE-2026-38991 | 2026-04-30 01:16 | 2026-04-30 |
| 732 | - | | - | - | Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user i… | New | - | CVE-2026-38949 | 2026-04-30 01:16 | 2026-04-29 |
| 733 | 6.1 | MEDIUM Network | - | - | A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victims' browsers via the uns… | New | CWE-79 Cross-site Scripting | CVE-2026-37750 | 2026-04-30 01:16 | 2026-04-29 |
| 734 | 7.5 | HIGH Network | - | - | TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function. | New | CWE-121 Stack-based Buffer Overflow | CVE-2026-36837 | 2026-04-30 01:16 | 2026-04-30 |
| 735 | 3.3 | LOW Local | uutils | coreutils | A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space char… | Update | CWE-684 Incorrect Provision of Specified Functionality | CVE-2026-35379 | 2026-04-30 00:59 | 2026-04-23 |
| 736 | 5.5 | MEDIUM Local | uutils | coreutils | A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' (two single quotes) as an empty delimiter. The implementation mistakenl… | Update | CWE-20 NVD-CWE-noinfo Improper Input Validation | CVE-2026-35380 | 2026-04-30 00:57 | 2026-04-23 |
| 737 | 5.4 | MEDIUM Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-component… | Update | CWE-351 Insufficient Type Distinction | CVE-2026-41341 | 2026-04-30 00:56 | 2026-04-24 |
| 738 | 8.1 | HIGH Adjacent | openclaw | openclaw | OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Att… | Update | CWE-346 Origin Validation Error | CVE-2026-41342 | 2026-04-30 00:55 | 2026-04-24 |
| 739 | 8.8 | HIGH Network | openclaw | openclaw | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attack… | Update | CWE-863 Incorrect Authorization | CVE-2026-41344 | 2026-04-30 00:52 | 2026-04-24 |
| 740 | 10.0 | CRITICAL Network | voidzero | vite+ | Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts an untrusted `version` string and uses it directly in filesystem paths. A… | Update | CWE-22 Path Traversal | CVE-2026-41211 | 2026-04-30 00:49 | 2026-04-23 |