CVE ID :CVE-2026-39386 Published : April 21, 2026, 1:16 a.m. | 48 minutes ago Description :Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through…
CVE-2026-41329 – OpenClaw < 2026.3.31 – Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner Escalation
CVE ID :CVE-2026-41329 Published : April 20, 2026, 11:08 p.m. | 56 minutes ago Description :OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and…
CVE-2026-41303 – OpenClaw < 2026.3.28 – Authorization Bypass in Discord Text Approval Commands
CVE ID :CVE-2026-41303 Published : April 20, 2026, 11:08 p.m. | 56 minutes ago Description :OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve…
CVE-2026-41296 – OpenClaw < 2026.3.31 – Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile
CVE ID :CVE-2026-41296 Published : April 20, 2026, 11:08 p.m. | 56 minutes ago Description :OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox…
CVE-2026-41295 – OpenClaw < 2026.4.2 – Untrusted Workspace Channel Shadow Code Execution during Built-in Channel Setup
CVE ID :CVE-2026-41295 Published : April 20, 2026, 11:08 p.m. | 56 minutes ago Description :OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in…
CVE-2026-41294 – OpenClaw < 2026.3.28 – Environment Variable Injection via CWD .env File
CVE ID :CVE-2026-41294 Published : April 20, 2026, 11:08 p.m. | 56 minutes ago Description :OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection….
CVE-2026-6581 – H3C Magic B1 aspForm SetMobileAPInfoById buffer overflow
CVE ID :CVE-2026-6581 Published : April 19, 2026, 11:16 p.m. | 41 minutes ago Description :A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function…
CVE-2026-6563 – H3C Magic B1 aspForm SetAPWifiorLedInfoById buffer overflow
CVE ID :CVE-2026-6563 Published : April 19, 2026, 9:16 a.m. | 14 hours, 41 minutes ago Description :A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the…
CVE-2026-6560 – H3C Magic B0 aspForm Edit_BasicSSID buffer overflow
CVE ID :CVE-2026-6560 Published : April 19, 2026, 7:16 a.m. | 16 hours, 41 minutes ago Description :A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the…
CVE-2026-41242 – protobufjs has an arbitrary code execution issue
CVE ID :CVE-2026-41242 Published : April 18, 2026, 5:16 p.m. | 7 hours, 25 minutes ago Description :protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can…