CVE ID :CVE-2026-41478 Published : April 24, 2026, 9:16 p.m. | 2 hours, 55 minutes ago Description :Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a…
CVE-2026-41473 – CyberPanel < 2.4.4 Unauthenticated API Access via AI Scanner Endpoints
CVE ID :CVE-2026-41473 Published : April 24, 2026, 9:16 p.m. | 2 hours, 55 minutes ago Description :CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that…
CVE-2026-41248 – Official Clerk JavaScript SDKs: Middleware-based route protection bypass
CVE ID :CVE-2026-41248 Published : April 24, 2026, 9:16 p.m. | 2 hours, 55 minutes ago Description :Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can…
CVE-2026-41503 – BACnet Stack: Out-of-Bounds Read in ReadPropertyMultiple Property Decoder via Deprecated Tag Parser
CVE ID :CVE-2026-41503 Published : April 24, 2026, 8:16 p.m. | 3 hours, 55 minutes ago Description :BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3,…
CVE-2026-41502 – BACnet Stack: Off-by-One Out-of-Bounds Read in ReadPropertyMultiple Object ID Decoder
CVE ID :CVE-2026-41502 Published : April 24, 2026, 8:16 p.m. | 3 hours, 55 minutes ago Description :BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3,…
CVE-2026-40630 – SenseLive X3050 Authentication bypass using an alternate path or channel
CVE ID :CVE-2026-40630 Published : April 23, 2026, 11:45 p.m. | 24 minutes ago Description :A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper…
CVE-2026-41353 – OpenClaw < 2026.3.22 – allowProfiles Bypass via Profile Mutation and Runtime Selection
CVE ID :CVE-2026-41353 Published : April 23, 2026, 10:16 p.m. | 1 hour, 53 minutes ago Description :OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to…
CVE-2026-41352 – OpenClaw < 2026.3.31 – Remote Code Execution via Node Scope Gate Bypass
CVE ID :CVE-2026-41352 Published : April 23, 2026, 10:16 p.m. | 1 hour, 53 minutes ago Description :OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node…
CVE-2026-41349 – OpenClaw < 2026.3.28 – Agentic Consent Bypass via config.patch
CVE ID :CVE-2026-41349 Published : April 23, 2026, 10:16 p.m. | 1 hour, 53 minutes ago Description :OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval…
CVE-2026-41336 – OpenClaw < 2026.3.31 – Arbitrary Hook Code Execution via OPENCLAW_BUNDLED_HOOKS_DIR Environment Variable Override
CVE ID :CVE-2026-41336 Published : April 23, 2026, 10:16 p.m. | 1 hour, 53 minutes ago Description :OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled…