| 411 | 8.8 | HIGH Network | - | - | Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus allows Authentication Bypass. This issue affects Pardus: … | New | CWE-93 CRLF Injection | CVE-2026-5140 | 2026-04-30 00:16 | 2026-04-29 |
| 412 | - | | - | - | TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function. | New | - | CVE-2026-36841 | 2026-04-30 00:16 | 2026-04-30 |
| 413 | 9.8 | CRITICAL Network | pipecat | pipecat | Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` – an opti… | Update | CWE-502 Deserialization of Untrusted Data | CVE-2025-62373 | 2026-04-30 00:00 | 2026-04-24 |
| 414 | 6.1 | MEDIUM Network | cure53 | dompurify | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_ATTR handling when function-based ADD_TA… | Update | CWE-79 Cross-site Scripting; CWE-183 Permissive List of Allowed Inputs | CVE-2026-41240 | 2026-04-29 23:58 | 2026-04-24 |
| 415 | 9.8 | CRITICAL Network | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption. The -EBUSY handling in tls_do_encryption(), introduced by c… | Update | CWE-416 Use After Free | CVE-2026-31533 | 2026-04-29 23:51 | 2026-04-24 |
| 416 | 7.5 | HIGH Network | openclaw | openclaw | OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to exhaust the shared pending window. Remote attackers can submit… | Update | CWE-799 Improper Control of Interaction Frequency | CVE-2026-41346 | 2026-04-29 23:44 | 2026-04-24 |
| 417 | 5.4 | MEDIUM Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Disco… | Update | CWE-863 Incorrect Authorization | CVE-2026-41348 | 2026-04-29 23:41 | 2026-04-24 |
| 418 | 8.8 | HIGH Network | openclaw | openclaw | OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to … | Update | CWE-862 Missing Authorization | CVE-2026-41349 | 2026-04-29 23:40 | 2026-04-24 |
| 419 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU. Reject synchronizing vCPU state to its associated VM… | Update | NVD-CWE-noinfo | CVE-2026-31593 | 2026-04-29 23:29 | 2026-04-25 |
| 420 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown. epf_ntb_epc_destroy() duplicates the teardown that the caller is … | Update | NVD-CWE-noinfo | CVE-2026-31594 | 2026-04-29 23:27 | 2026-04-25 |