|
751
|
7.5 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to exhaust the shared pending window. Remote attackers can submit…
Update
|
CWE-799
Improper Control of Interaction Frequency
|
CVE-2026-41346
|
2026-04-29 23:44 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
752
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Disco…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-41348
|
2026-04-29 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
753
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to …
Update
|
CWE-862
Missing Authorization
|
CVE-2026-41349
|
2026-04-29 23:40 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
754
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU
Reject synchronizing vCPU state to its associated VM…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31593
|
2026-04-29 23:29 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
755
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown
epf_ntb_epc_destroy() duplicates the teardown that the caller is
…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31594
|
2026-04-29 23:27 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
756
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup
Disable the delayed work before clearing BAR mappings a…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31595
|
2026-04-29 23:22 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
757
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: handle invalid dinode in ocfs2_group_extend
[BUG]
kernel BUG at fs/ocfs2/resize.c:308!
Oops: invalid opcode: 0000 [#1] SMP…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31596
|
2026-04-29 23:18 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
758
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerabi…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34003
|
2026-04-29 23:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
759
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to…
Update
|
CWE-825
Expired Pointer Dereference
|
CVE-2026-34001
|
2026-04-29 23:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
760
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger …
Update
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-33999
|
2026-04-29 23:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
