|
21
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86/platform/uv: Handle deconfigured sockets
When a socket is deconfigured, it's mapped to SOCK_EMPTY (0xffff). This causes
a pan…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31542
|
2026-04-29 03:48 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying
When debug logging is enabled, read_key_from_user_keying() …
Update
|
NVD-CWE-noinfo
|
CVE-2026-31543
|
2026-04-29 03:46 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
4.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attacke…
New
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-41362
|
2026-04-29 03:46 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can e…
New
|
CWE-22
Path Traversal
|
CVE-2026-41363
|
2026-04-29 03:46 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
25
|
8.1 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archi…
New
|
CWE-59
Link Following
|
CVE-2026-41364
|
2026-04-29 03:45 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
5.5 |
MEDIUM
Local
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper me…
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-41366
|
2026-04-29 03:45 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
5.0 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component action…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-41367
|
2026-04-29 03:45 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to block the $ENV filter. Attackers can bypass safe-bin restrictions by using …
New
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-41368
|
2026-04-29 03:44 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers…
New
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-41369
|
2026-04-29 03:44 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
8.5 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate targ…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-41371
|
2026-04-29 03:44 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
