2026-04-09
2026-04-09 22:16Z
HIGH

CVE-2026-35639 — OpenClaw: before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35639

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation to escalate privileges to operator.admin and achieve remote code execution on the Node infrastructure. CVSSv3.1 8.8 (HIGH)

CWE: CWE-648 · Vendor: Openclaw · Type: Vulnerability
CVSS v3.1: 8.8
Edit Score: 94
2026-04-09
2026-04-09 22:16Z
HIGH

CVE-2026-35638 — OpenClaw: before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35638

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less allow path in the trusted-proxy mechanism to maintain elevated permissions by declaring arbitrary scopes, bypassing device identity requirements. CVSSv3.1 8.8 (HIGH)

CWE: CWE-286 · Vendor: Openclaw · Type: Vulnerability
CVSS v3.1: 8.8
Edit Score: 94
2026-04-09
2026-04-09 22:16Z
HIGH

CVE-2026-34512 — OpenClaw: before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34512

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticated requests to kill arbitrary subagent sessions via the killSubagentRunAdmin function, bypassing ownership and operator scope restrictions. CVSSv3.1 8.1 (HIGH)

CWE: CWE-863 · Vendor: Openclaw · Type: Vulnerability
CVSS v3.1: 8.1
Edit Score: 91
2026-04-09
2026-04-09 22:16Z
HIGH

CVE-2026-33785 — Juniper Networks: A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33785

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high privileged or users designated for Juniper Device Manager (JDM) / Connected Secu CVSSv3.1 8.8 (HIGH)

CWE: CWE-862 · Type: Vulnerability
CVSS v3.1: 8.8
Edit Score: 94
2026-04-09
2026-04-09 22:16Z
CRIT

CVE-2026-33784 — Juniper Networks: A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33784

A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible. This issue affects all vers CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-1393 · Type: Vulnerability
CVSS v3.1: 9.8
Edit Score: 99
2026-04-09
2026-04-09 22:16Z
HIGH

CVE-2025-13914 — Juniper Networks: A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-13914

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation, an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling the attacker to impersonate a managed device and capture user credentials. This issue affects all versions of Apstra before 6.1.1. CVSSv3.1 8.7 (HIGH)

CWE: CWE-322 · Type: Vulnerability
CVSS v3.1: 8.7
Edit Score: 94
2026-04-09
2026-04-09 21:16Z
HIGH

CVE-2026-5980 — This manipulation of the argument curTime causes buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5980

A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer. CVSSv3.1 8.8 (HIGH)

CWE: CWE-120, CWE-119 · Type: Vulnerability
CVSS v3.1: 8.8
Edit Score: 94
2026-04-09
2026-04-09 21:16Z
HIGH

CVE-2026-5979 — The manipulation of the argument curTime results in buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5979

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. CVSSv3.1 8.8 (HIGH)

CWE: CWE-120, CWE-119 · Type: Vulnerability
CVSS v3.1: 8.8
Edit Score: 94
2026-04-09
2026-04-09 21:16Z
CRIT

CVE-2026-5978 — The manipulation of the argument mode leads to os command injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5978

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-77, CWE-78 · Type: Vulnerability
CVSS v3.1: 9.8
Edit Score: 99
2026-04-09
2026-04-09 21:16Z
CRIT

CVE-2026-5977 — Executing a manipulation of the argument wifiOff can lead to os command injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5977

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-77, CWE-78 · Type: Vulnerability
CVSS v3.1: 9.8
Edit Score: 99
2026-04-09
2026-04-09 21:16Z
HIGH

CVE-2026-40093 — Nimiq Nimiq_proof-of-stake: nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40093

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps arbitrarily far in the future. This directly affects reward calculations via Pol CVSSv3.1 8.1 (HIGH) · EPSS 20th percentile

CWE: CWE-1284 · Vendor: Nimiq · Type: Vulnerability
CVSS v3.1: 8.1
Edit Score: 91
2026-04-09
2026-04-09 21:16Z
HIGH

CVE-2023-54359 — WordPress: adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2023-54359

WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid' values using XOR-based payloads to extract sensitive database information or cause denial of service. CVSSv3.1 8.2 (HIGH)

CWE: CWE-89 · Vendor: Wordpress · Type: Vulnerability
CVSS v3.1: 8.2
Edit Score: 91
2026-04-09
2026-04-09 20:43Z
INFO

v9.0.0-rc4

BloodHound releases · github.com

BloodHound v9.0.0-rc4 release candidate published with minor bug fixes and dependency updates. Changes include UI navigation scrolling fixes, history table height adjustments, AzureHound version bump, Go 1.26.2 upgrade, and module updates.

Vendor: Bloodhound, Specter Ops · Type: Tool
Edit Score: 15
2026-04-09
2026-04-09 20:16Z
CRIT

CVE-2026-5976 — Performing a manipulation of the argument sambaEnabled results in os command injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5976

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-77, CWE-78 · Type: Vulnerability
CVSS v3.1: 9.8
Edit Score: 99
2026-04-09
2026-04-09 20:16Z
CRIT

CVE-2026-5975 — Totolink: Such manipulation of the argument wanIdx leads to os command injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5975

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wanIdx leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-77, CWE-78 · Vendor: Totolink · Type: Vulnerability
CVSS v3.1: 9.8
Edit Score: 99
2026-04-09
2026-04-09 20:16Z
HIGH

CVE-2026-4436 — A low-privileged remote attacker can send Modbus packets to manipulate register values that are

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4436

A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line. CVSSv3.1 8.6 (HIGH)

CWE: CWE-306 · Type: Vulnerability
CVSS v3.1: 8.6
Edit Score: 93
2026-04-09
2026-04-09 20:16Z
CRIT

CVE-2026-40089 — Sonicverse: The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40089

Sonicverse is a self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client (apps/dashboard/lib/api.ts). Installations created using the provided install.sh script (including the one-liner bash <(curl -fsSL https://sonicverse.short.gy/install-audiostack)) are affected. In these deployments, the dashboard accepts user-controlled URLs and passes them CVSSv3.1 9.9 (CRITICAL)

CWE: CWE-918 · Vendor: Sonicverse · Type: Vulnerability
CVSS v3.1: 9.9
Edit Score: 100
2026-04-09
2026-04-09 20:16Z
CRIT

CVE-2026-40088 — PraisonAI: Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40088

PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. This vulnerability is fixed in 4.5.121. CVSSv3.1 9.6 (CRITICAL)

CWE: CWE-78 · Vendor: Praisonai · Type: Vulnerability
CVSS v3.1: 9.6
Edit Score: 98
2026-04-09
2026-04-09 20:16Z
CRIT

CVE-2026-29145 — Apache Tomcat: CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-29145

A "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled" vulnerability exists in Apache Tomcat and Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13. Users are recommended to upgrade to version Tomcat Native 1.3.7 or 2 CVSSv3.1 9.1 (CRITICAL)

CWE: CWE-287 · Vendor: Apache, Client Cert · Type: Vulnerability
CVSS v3.1: 9.1
Edit Score: 96
2026-04-09
2026-04-09 20:16Z
CRIT

CVE-2025-13926 — An attacker could use data obtained by sniffing the network traffic to forge packets

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-13926

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-807 · Type: Vulnerability
CVSS v3.1: 9.8
Edit Score: 99
2026-04-09
2026-04-09 19:16Z
CRIT

CVE-2026-39912 — V2Board: 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39912

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receive the full authentication URL in the response, then exchange the token at the token2Login endpoint to obtain a valid bearer token with complete account access including admin priv CVSSv3.1 9.1 (CRITICAL)

CWE: CWE-201 · Vendor: V2board · Type: Vulnerability
CVSS v3.1: 9.1
Edit Score: 96
2026-04-09
2026-04-09 19:16Z
CRIT

CVE-2026-31170 — ToToLink: An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31170

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-77 · Vendor: Totolink · Type: Vulnerability
CVSS v3.1: 9.8
Edit Score: 99
2026-04-09
2026-04-09 19:00Z
HIGH

Inside Cirro: Attack Paths, Cloud Graphs, and Extensible Schemas

Bishop Fox Labs · bishopfox.com

Bishop Fox released Cirro, an open-source cloud attack path analysis tool for Azure that models relationships between identities, RBAC, resources, and data-plane artifacts (secrets, certificates) to expose privilege escalation and lateral movement chains. The tool uses a templated YAML schema engine with Tera templating to scale across Azure resource types without hardcoding, and includes CirroDash for graph visualization and cirro-azcli-ext for passive API response capture.

Tactic: TA0007 · Surface: Identity, Cloud · Vendor: Microsoft, Azure · Type: Research, Tool · Stage: Discovery
Edit Score: 78
2026-04-09
2026-04-09 18:17Z
HIGH

CVE-2026-5329 — Rapid7: Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5329

Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitrary internal server queues via a crafted monitoring message with a malicious queue name. The server handler that receives client monitoring messages does not sufficiently validate the queue name supplied by the client, allowing a rogu CVSSv3.1 8.5 (HIGH)

CWE: CWE-20 · Vendor: Rapid7 · Type: Vulnerability
CVSS v3.1: 8.5
Edit Score: 93
2026-04-09
2026-04-09 18:17Z
HIGH

CVE-2026-40070 — Sgbett Bsv-wallet: BSV Ruby SDK is the Ruby SDK for the BSV blockchain.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40070

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisition_protocol: 'direct', the caller supplies all certificate fields (including signature:) and the record is written to storage verbatim. In acquisition_protocol: 'issuance', the client POSTs to a certifier URL and writes whatev CVSSv3.1 8.1 (HIGH) · EPSS 1st percentile

CWE: CWE-347 · Vendor: Bsv, Sgbett · Type: Vulnerability
CVSS v3.1: 8.1
Edit Score: 91