CVE ID :CVE-2026-7420 Published : April 29, 2026, 11:16 p.m. | 1 hour, 1 minute ago Description :A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function…
CVE-2026-7419 – UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow
CVE ID :CVE-2026-7419 Published : April 29, 2026, 11:16 p.m. | 1 hour, 1 minute ago Description :A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy…
CVE-2026-7418 – UTT HiPER 1250GW NTP strcpy buffer overflow
CVE ID :CVE-2026-7418 Published : April 29, 2026, 10:16 p.m. | 2 hours, 1 minute ago Description :A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy…
CVE-2026-7426 – Out-of-Bounds Write via Unsanitized Prefix Length in Router Advertisement Processing in FreeRTOS-Plus-TCP
CVE ID :CVE-2026-7426 Published : April 29, 2026, 8:16 p.m. | 4 hours, 1 minute ago Description :Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and…
CVE-2026-34965 – Cockpit CMS Authenticated Remote Code Execution via Collections
CVE ID :CVE-2026-34965 Published : April 29, 2026, 8:16 p.m. | 4 hours, 1 minute ago Description :Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers…
CVE-2026-42167 – ProFTPD mod_sql Remote Code Execution Vulnerability
CVE ID :CVE-2026-42167 Published : April 28, 2026, 11:16 p.m. | 1 hour ago Description :mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where…
CVE-2026-41446 – WattBox 800 & 820 Series < 2.10.0.0 RCE via Diagnostic Endpoints
CVE ID :CVE-2026-41446 Published : April 28, 2026, 10:16 p.m. | 1 hour, 59 minutes ago Description :Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints…
CVE-2026-42431 – OpenClaw < 2026.4.8 – Persistent Profile Mutation via node.invoke(browser.proxy) Bypass
CVE ID :CVE-2026-42431 Published : April 28, 2026, 7:37 p.m. | 4 hours, 38 minutes ago Description :OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles….
CVE-2026-42426 – OpenClaw < 2026.4.8 – Improper Authorization in node.pair.approve via operator.write Scope
CVE ID :CVE-2026-42426 Published : April 28, 2026, 7:37 p.m. | 4 hours, 38 minutes ago Description :OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of…
CVE-2026-42422 – OpenClaw < 2026.4.8 – Role Bypass in device.token.rotate Function
CVE ID :CVE-2026-42422 Published : April 28, 2026, 7:37 p.m. | 4 hours, 38 minutes ago Description :OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for…