CVE ID: CVE-2026-40281 Published: May 6, 2026, 9:16 p.m. | 3 hours, 4 minutes ago Description: Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write…
CVE-2026-44118 – OpenClaw < 2026.4.22 – Owner Context Spoofing via Bearer Token Header
CVE ID: CVE-2026-44118 Published: May 6, 2026, 8:16 p.m. | 4 hours, 4 minutes ago Description: OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner…
CVE-2026-44116 – OpenClaw < 2026.4.22 – Server-Side Request Forgery in Zalo Photo URL Validation
CVE ID: CVE-2026-44116 Published: May 6, 2026, 8:16 p.m. | 4 hours, 4 minutes ago Description: OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin’s sendPhoto function that fails…
CVE-2026-44115 – OpenClaw < 2026.4.22 – Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist
CVE ID: CVE-2026-44115 Published: May 6, 2026, 8:16 p.m. | 4 hours, 4 minutes ago Description: OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies….
CVE-2026-44114 – OpenClaw < 2026.4.20 – Environment Variable Namespace Collision via Workspace dotenv
CVE ID: CVE-2026-44114 Published: May 6, 2026, 8:16 p.m. | 4 hours, 4 minutes ago Description: OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv files, allowing…
CVE-2026-40075 – OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet
CVE ID: CVE-2026-40075 Published: May 5, 2026, 10:16 p.m. | 2 hours, 4 minutes ago Description: OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and…
CVE-2026-39852 – Quarkus authorization bypass via semicolon path normalization inconsistency
CVE ID: CVE-2026-39852 Published: May 5, 2026, 9:16 p.m. | 3 hours, 4 minutes ago Description: Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1,…
CVE-2026-39849 – Pi-hole FTL remote code execution via newline injection in dns.interface configuration
CVE ID: CVE-2026-39849 Published: May 5, 2026, 9:16 p.m. | 3 hours, 4 minutes ago Description: Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before…
CVE-2026-35579 – CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
CVE ID: CVE-2026-35579 Published: May 5, 2026, 9:16 p.m. | 3 hours, 4 minutes ago Description: CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH,…
CVE-2026-7857 – D-Link DI-8100 CGI user_group.asp sprintf buffer overflow
CVE ID: CVE-2026-7857 Published: May 5, 2026, 8:16 p.m. | 4 hours, 4 minutes ago Description: A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the…