|
1221
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down
When the nl80211 socket that originated a PMSR request is
closed, …
|
-
|
CVE-2026-31548
|
2026-04-28 00:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1222
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: always keep track of remap prev/next
During 3D workload, user is reporting hitting:
[ 413.361679] WARNING: drivers/gpu/…
|
-
|
CVE-2026-31479
|
2026-04-28 00:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1223
|
9.8 |
CRITICAL
Network
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
After this commit (e2b76ab8b5c9 "ksmbd: add supp…
|
-
|
CVE-2026-31478
|
2026-04-28 00:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1224
|
8.8 |
HIGH
Network
|
paperclip
|
paperclipai
|
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability th…
|
CWE-78
OS Command
|
CVE-2026-41208
|
2026-04-28 00:14 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1225
|
10.0 |
CRITICAL
Network
|
wwbn
|
avideo
|
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without saniti…
|
CWE-94
Code Injection
|
CVE-2026-40911
|
2026-04-28 00:12 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1226
|
9.8 |
CRITICAL
Network
|
roxy-wi
|
roxy-wi
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxy_section_save function in app/routes/…
|
CWE-89
SQL Injection
|
CVE-2026-33078
|
2026-04-28 00:10 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1227
|
9.9 |
CRITICAL
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can e…
|
CWE-648
Incorrect Use of Privileged APIs
|
CVE-2026-41329
|
2026-04-28 00:09 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1228
|
7.2 |
HIGH
Network
|
espocrm
|
espocrm
|
EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled `name` and `scope` values and pass t…
|
CWE-23
Relative Path Traversal
|
CVE-2026-33733
|
2026-04-28 00:08 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1229
|
4.4 |
MEDIUM
Local
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass sec…
|
CWE-453
Insecure Default Variable Initialization
|
CVE-2026-41330
|
2026-04-28 00:08 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1230
|
5.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers…
|
CWE-408
Incorrect Behavior Order: Early Amplification
|
CVE-2026-41331
|
2026-04-28 00:08 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
