CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AlmaLinux•added 2026/04/13 12:0 a.m.•3 views

Important: bind9.18 security update

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

7.5CVSS7.4AI score0.00061EPSS

Positive Technologies•added 2026/04/13 12:0 a.m.•1 views

PT-2026-32350

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter x tables component where xt match and xt target structures registered with NFPROTO UNSPEC can be loaded by any protocol family via nft compat. When these...

5.5CVSS5.5AI score0.00015EPSS

Exploits0References35

Debian•added 2026/04/11 11:19 a.m.•2 views

[SECURITY] [DLA 4528-1] webkit2gtk security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4528-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 11, 2026 https://wiki.debian.org/LTS -...

7.5CVSS6.8AI score0.01376EPSS

The Hacker News•added 2026/04/10 11:0 a.m.•7 views

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions. A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI...

6.1AI score

OSV•added 2026/04/10 12:30 a.m.•0 views

GHSA-8J7F-G9GV-7JHC Duplicate Advisory: OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rhfg-j8jq-7v2h. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fa...

7.4CVSS5.7AI score0.00046EPSS

Github Security Blog•added 2026/04/10 12:30 a.m.•3 views

Duplicate Advisory: OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)

5.7AI score

Exploits0References5Affected Software1

EUVD•added 2026/04/10 12:30 a.m.•0 views

EUVD-2026-21116

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch calls against configured endpoints to rebind requests to blocked internal...

CNVD•added 2026/04/10 12:0 a.m.•4 views

OpenClaw has an unspecified vulnerability (CNVD-2026-19641)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A security vulnerability exists in OpenClaw that stems from automatically discovering and loading plugins from .OpenClaw/extensions/ without explicit trust validation, which can be exploited by an attacker to cause arbitrar...

8.8CVSS6.1AI score0.00019EPSS

Cvelist•added 2026/04/09 10:35 p.m.•20 views

CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

6.9CVSS0.00053EPSS

Exploits0References1

NVD•added 2026/04/09 10:16 p.m.•3 views

CVE-2026-35629

7.4CVSS0.00046EPSS

CVE•added 2026/04/09 9:27 p.m.•5 views

CVE-2026-35629

CVE-2026-35629 affects OpenClaw before version 2026.3.25. The issue is SSRF via unguarded configured base URLs in multiple channel extensions, where unprotected fetch() calls can rebinding requests to blocked internal destinations and access restricted resources. Impact per sources is limited to ...

Exploits0References3Affected Software1

Cvelist•added 2026/04/09 9:27 p.m.•19 views

CVE-2026-35629 OpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in Channel Extensions

7.4CVSS0.00046EPSS

Vulnrichment•added 2026/04/09 9:27 p.m.•2 views

CVE-2026-35629 OpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in Channel Extensions

7.4CVSS5.8AI score0.00046EPSS

ATTACKERKB•added 2026/04/09 9:27 p.m.•1 views

CVE-2026-35629

RedhatCVE•added 2026/04/09 7:23 p.m.•1 views

CVE-2026-35486

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...

7.5CVSS5.9AI score0.0002EPSS

Exploits1References1

CNNVD•added 2026/04/09 12:0 a.m.•3 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 had code vulnerabilities. These vulnerabilities stemmed from insufficient protection configurations for multiple channel extensions, which could lead to server-side request...