CVE ID: CVE-2026-41064 | Published: April 22, 2026, 12:16 a.m. | 1 hour, 49 minutes ago | Description: WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete…
CVE-2026-5921 – Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack
CVE ID: CVE-2026-5921 | Published: April 21, 2026, 11:16 p.m. | 49 minutes ago | Description: A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract…
CVE-2026-4821 – Proxy configuration command injection vulnerability found in GitHub Enterprise Server Management Console configuration API
CVE ID: CVE-2026-4821 | Published: April 21, 2026, 11:16 p.m. | 49 minutes ago | Description: An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management…
CVE-2026-41058 – AVideo has an incomplete fix for CVE-2026-33293 (Path Traversal) in AVideo
CVE ID: CVE-2026-41058 | Published: April 21, 2026, 11:16 p.m. | 49 minutes ago | Description: WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo’s…
CVE-2026-41056 – AVideo has CORS Origin Reflection with Credentials on Sensitive API Endpoints that Enables Cross-Origin Account Takeover
CVE ID: CVE-2026-41056 | Published: April 21, 2026, 11:16 p.m. | 49 minutes ago | Description: WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll=true)` function in `objects/functions.php`…
CVE-2026-41055 – AVideo has an incomplete fix for CVE-2026-33039 (SSRF)
CVE ID: CVE-2026-41055 | Published: April 21, 2026, 11:16 p.m. | 49 minutes ago | Description: WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in…
CVE-2026-39386 – Neko has Self-service Privilege Escalation for Authenticated Users
CVE ID: CVE-2026-39386 | Published: April 21, 2026, 1:16 a.m. | 48 minutes ago | Description: Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through…
CVE-2026-41329 – OpenClaw < 2026.3.31 – Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner Escalation
CVE ID: CVE-2026-41329 | Published: April 20, 2026, 11:08 p.m. | 56 minutes ago | Description: OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and…
CVE-2026-41303 – OpenClaw < 2026.3.28 – Authorization Bypass in Discord Text Approval Commands
CVE ID: CVE-2026-41303 | Published: April 20, 2026, 11:08 p.m. | 56 minutes ago | Description: OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve…
CVE-2026-41296 – OpenClaw < 2026.3.31 – Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile
CVE ID: CVE-2026-41296 | Published: April 20, 2026, 11:08 p.m. | 56 minutes ago | Description: OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox…