|
1171
|
4.9 |
MEDIUM
Network
|
powerdns
|
recursor
|
If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-33601
|
2026-04-28 01:58 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1172
|
7.5 |
HIGH
Network
|
powerdns
|
dnsdist
|
An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33254
|
2026-04-28 01:58 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1173
|
5.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature vali…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-41301
|
2026-04-28 01:56 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1174
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoint…
|
CWE-372
Incomplete Internal State Distinction
|
CVE-2026-41300
|
2026-04-28 01:56 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1175
|
7.1 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket han…
|
CWE-807
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-41299
|
2026-04-28 01:56 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1176
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by s…
|
CWE-862
Missing Authorization
|
CVE-2026-41298
|
2026-04-28 01:56 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1177
|
7.3 |
HIGH
Network
|
tenda
|
w30e_firmware
|
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to execute arbitrary …
|
CWE-77
Command Injection
|
CVE-2026-38834
|
2026-04-28 01:44 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1178
|
9.8 |
CRITICAL
Network
|
tenda
|
w30e_firmware
|
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to…
|
CWE-77
Command Injection
|
CVE-2026-38835
|
2026-04-28 01:44 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1179
|
7.8 |
HIGH
Local
|
deepcool
|
deepcreative
|
Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.12 and before allows a local attacker to execute arbitrary code via a crafted file
|
CWE-277
Insecure Inherited Permissions
|
CVE-2026-30266
|
2026-04-28 01:42 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1180
|
6.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attack…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41302
|
2026-04-28 00:26 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
