|
401
|
5.5 |
MEDIUM
Local
|
uutils
|
coreutils
|
A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' (two single quotes) as an empty delimiter. The implementation mistakenl…
Update
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-35380
|
2026-04-30 00:57 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
402
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-component…
Update
|
CWE-351
Insufficient Type Distinction
|
CVE-2026-41341
|
2026-04-30 00:56 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
403
|
8.1 |
HIGH
Adjacent
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Att…
Update
|
CWE-346
Origin Validation Error
|
CVE-2026-41342
|
2026-04-30 00:55 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
404
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attack…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-41344
|
2026-04-30 00:52 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
405
|
10.0 |
CRITICAL
Network
|
voidzero
|
vite\+
|
Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts an untrusted `version` string and uses it directly in filesystem paths. A…
Update
|
CWE-22
Path Traversal
|
CVE-2026-41211
|
2026-04-30 00:49 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
406
|
7.8 |
HIGH
Local
|
parzivalhack
|
pyspector
|
PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to preve…
Update
|
CWE-184
Incomplete Blacklist
|
CVE-2026-41206
|
2026-04-30 00:48 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
407
|
5.4 |
MEDIUM
Network
|
siemvk
|
openlearn
|
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode` is enabled, unapproved forum posts are hidden from the public list, but …
Update
|
CWE-284
Improper Access Control
|
CVE-2026-41243
|
2026-04-30 00:39 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
408
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
can: raw: fix ro->uniq use-after-free in raw_rcv()
raw_release() unregisters raw CAN receive filters via can_rx_unregister(),
but…
Update
|
CWE-416
Use After Free
|
CVE-2026-31532
|
2026-04-30 00:26 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
409
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_se…
New
|
CWE-22
Path Traversal
|
CVE-2026-7384
|
2026-04-30 00:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
410
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack.
This issue affects Pardus …
New
|
CWE-59
Link Following
|
CVE-2026-5161
|
2026-04-30 00:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
