CVE ID: CVE-2026-42880 Published: May 7, 2026, 11:16 p.m. | 1 hour, 4 minutes ago Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11…
CVE-2026-7891 – Mendix Studio Pro Anonymous User Role Inheritance Authorization Bypass
CVE ID: CVE-2026-7891 Published: May 7, 2026, 10:16 p.m. | 2 hours, 4 minutes ago Description: The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to…
CVE-2026-42826 – Azure DevOps Information Disclosure Vulnerability
CVE ID: CVE-2026-42826 Published: May 7, 2026, 10:16 p.m. | 2 hours, 4 minutes ago Description: Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose…
CVE-2026-41105 – Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability
CVE ID: CVE-2026-41105 Published: May 7, 2026, 10:16 p.m. | 2 hours, 4 minutes ago Description: Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a…
CVE-2026-35435 – Azure AI Foundry Elevation of Privilege Vulnerability
CVE ID: CVE-2026-35435 Published: May 7, 2026, 10:16 p.m. | 2 hours, 4 minutes ago Description: Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges…
CVE-2026-40281 – Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values
CVE ID: CVE-2026-40281 Published: May 6, 2026, 9:16 p.m. | 3 hours, 4 minutes ago Description: Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write…
CVE-2026-44118 – OpenClaw < 2026.4.22 – Owner Context Spoofing via Bearer Token Header
CVE ID: CVE-2026-44118 Published: May 6, 2026, 8:16 p.m. | 4 hours, 4 minutes ago Description: OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner…
CVE-2026-44116 – OpenClaw < 2026.4.22 – Server-Side Request Forgery in Zalo Photo URL Validation
CVE ID: CVE-2026-44116 Published: May 6, 2026, 8:16 p.m. | 4 hours, 4 minutes ago Description: OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin’s sendPhoto function that fails…
CVE-2026-44115 – OpenClaw < 2026.4.22 – Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist
CVE ID: CVE-2026-44115 Published: May 6, 2026, 8:16 p.m. | 4 hours, 4 minutes ago Description: OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies….
CVE-2026-44114 – OpenClaw < 2026.4.20 – Environment Variable Namespace Collision via Workspace dotenv
CVE ID: CVE-2026-44114 Published: May 6, 2026, 8:16 p.m. | 4 hours, 4 minutes ago Description: OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv files, allowing…