|
641
|
7.1 |
HIGH
Adjacent
|
-
|
-
|
A weak key generation vulnerability in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-28747
|
2026-04-29 05:11 |
2026-04-28 |
642
|
5.0 |
MEDIUM
Adjacent
|
-
|
-
|
When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker.
Affected: Spring Boot 4.0.0–4.0.5 (fix …
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-40971
|
2026-04-29 05:11 |
2026-04-28 |
643
|
9.8 |
CRITICAL
Network
|
-
|
-
|
NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A succ…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-24178
|
2026-04-29 05:10 |
2026-04-29 |
644
|
8.8 |
HIGH
Network
|
-
|
-
|
NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS-encoded message. A successful exploit of this vulnerabil…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-24186
|
2026-04-29 05:10 |
2026-04-29 |
645
|
6.5 |
MEDIUM
Network
|
-
|
-
|
NVIDIA Flare SDK contains a vulnerability where an attacker may cause improper input validation through path traversal. A successful exploit of this vulnerability may lead to information disclosure.
New
|
CWE-20
Improper Input Validation
|
CVE-2026-24204
|
2026-04-29 05:10 |
2026-04-29 |
646
|
8.6 |
HIGH
Network
|
-
|
-
|
NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that cause…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-24222
|
2026-04-29 05:10 |
2026-04-29 |
647
|
6.3 |
MEDIUM
Local
|
-
|
-
|
NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL refere…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-24231
|
2026-04-29 05:10 |
2026-04-29 |
648
|
9.4 |
CRITICAL
Network
|
-
|
-
|
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needi…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-3893
|
2026-04-29 05:10 |
2026-04-29 |
649
|
6.1 |
MEDIUM
Local
|
-
|
-
|
OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGO_BUI…
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-41373
|
2026-04-29 05:10 |
2026-04-29 |
650
|
6.5 |
MEDIUM
Network
|
-
|
-
|
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-41375
|
2026-04-29 05:10 |
2026-04-29 |