CVE ID: CVE-2026-44115 Published: May 6, 2026, 8:16 p.m. | 4 hours, 4 minutes ago Description: OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies….
CVE-2026-44114 – OpenClaw < 2026.4.20 – Environment Variable Namespace Collision via Workspace dotenv
CVE ID: CVE-2026-44114 Published: May 6, 2026, 8:16 p.m. | 4 hours, 4 minutes ago Description: OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv files, allowing…
CVE-2026-40075 – OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet
CVE ID: CVE-2026-40075 Published: May 5, 2026, 10:16 p.m. | 2 hours, 4 minutes ago Description: OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and…
CVE-2026-39852 – Quarkus authorization bypass via semicolon path normalization inconsistency
CVE ID: CVE-2026-39852 Published: May 5, 2026, 9:16 p.m. | 3 hours, 4 minutes ago Description: Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1,…
CVE-2026-39849 – Pi-hole FTL remote code execution via newline injection in dns.interface configuration
CVE ID: CVE-2026-39849 Published: May 5, 2026, 9:16 p.m. | 3 hours, 4 minutes ago Description: Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before…
CVE-2026-35579 – CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
CVE ID: CVE-2026-35579 Published: May 5, 2026, 9:16 p.m. | 3 hours, 4 minutes ago Description: CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH,…
CVE-2026-7857 – D-Link DI-8100 CGI user_group.asp sprintf buffer overflow
CVE ID: CVE-2026-7857 Published: May 5, 2026, 8:16 p.m. | 4 hours, 4 minutes ago Description: A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the…
CVE-2026-7791 – Amazon WorkSpaces for Windows Skylight Workspace Config Service Privilege Escalation
CVE ID: CVE-2026-7791 Published: May 4, 2026, 10:16 p.m. | 2 hours, 4 minutes ago Description: Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces…
CVE-2026-42238 – Unauthenticated Remote Code Execution via Backup Restore in nginx-ui
CVE ID: CVE-2026-42238 Published: May 4, 2026, 9:16 p.m. | 3 hours, 4 minutes ago Description: Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui…
CVE-2026-42222 – nginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover
CVE ID: CVE-2026-42222 Published: May 4, 2026, 9:16 p.m. | 3 hours, 4 minutes ago Description: Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated…