CVE ID: CVE-2026-42167 Published: April 28, 2026, 11:16 p.m. | 1 hour ago Description: mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where…
CVE-2026-41446 – WattBox 800 & 820 Series < 2.10.0.0 RCE via Diagnostic Endpoints
CVE ID: CVE-2026-41446 Published: April 28, 2026, 10:16 p.m. | 1 hour, 59 minutes ago Description: Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints…
CVE-2026-42431 – OpenClaw < 2026.4.8 – Persistent Profile Mutation via node.invoke(browser.proxy) Bypass
CVE ID: CVE-2026-42431 Published: April 28, 2026, 7:37 p.m. | 4 hours, 38 minutes ago Description: OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles….
CVE-2026-42426 – OpenClaw < 2026.4.8 – Improper Authorization in node.pair.approve via operator.write Scope
CVE ID: CVE-2026-42426 Published: April 28, 2026, 7:37 p.m. | 4 hours, 38 minutes ago Description: OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of…
CVE-2026-42422 – OpenClaw < 2026.4.8 – Role Bypass in device.token.rotate Function
CVE ID: CVE-2026-42422 Published: April 28, 2026, 7:37 p.m. | 4 hours, 38 minutes ago Description: OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for…
CVE-2026-27785 – Milesight Cameras Use of Hard-coded Credentials
CVE ID: CVE-2026-27785 Published: April 27, 2026, 11:38 p.m. | 36 minutes ago Description: Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials. Severity: 8.8 | HIGH Visit the link…
CVE-2026-40976 – “Spring Boot Default Web Security Bypass”
CVE ID: CVE-2026-40976 Published: April 27, 2026, 11:34 p.m. | 40 minutes ago Description: In certain circumstances, Spring Boot’s default web security is ineffective allowing unauthorized access to all endpoints. For an…
CVE-2026-41371 – OpenClaw < 2026.3.28 – Privilege Escalation via chat.send Reset Command
CVE ID: CVE-2026-41371 Published: April 27, 2026, 11:24 p.m. | 50 minutes ago Description: OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only…
CVE-2026-41364 – OpenClaw < 2026.3.31 – Arbitrary File Write via Symlink Following in SSH Sandbox Tar Upload
CVE ID: CVE-2026-41364 Published: April 27, 2026, 11:24 p.m. | 50 minutes ago Description: OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to…
CVE-2026-7160 – Tenda HG3 formTracert command injection
CVE ID: CVE-2026-7160 Published: April 27, 2026, 10:16 p.m. | 1 hour, 58 minutes ago Description: A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file…