CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/05/07 2:17 a.m.•4 views

SUSE CVE-2026-43177

In the Linux kernel, the following vulnerability has been resolved: media: ipu6: Fix RPM reference leak in probe error paths Several error paths in ipu6pciprobe were jumping directly to outipu6busdeldevices without releasing the runtime PM reference. Add pmruntimeputsync before cleaning up other...

5.7AI score0.00015EPSS

SUSE CVE•added 2026/05/07 2:16 a.m.•5 views

SUSE CVE-2026-43275

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFSPMLVL0. When the RPM...

5.7AI score0.00014EPSS

vulnersOsv•added 2026/05/07 12:22 a.m.•7 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +23532 more potentially affected by CVE-2026-42585 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.132.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2026-42585 Sourc...

7.5CVSS5.8AI score0.00012EPSS

Exploits1

Positive Technologies•added 2026/05/07 12:0 a.m.•5 views

PT-2026-38368

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The PCF Npcf SMPolicyControl service lacks authentication middleware in the NewServer function, where the smPolicyGroup route group is created without attaching the RouterAuthorizationCheck middlewar...

8.2CVSS5.8AI score0.00109EPSS

Exploits1References8

CNVD•added 2026/05/07 12:0 a.m.•5 views

OpenClaw has an unspecified vulnerability (CNVD-2026-20008)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to properly preserve the OPENCLAWRuntime Control Environment namespace in the workspace dotenv file, which can be exploited by an attacker to manipula...

Photon•added 2026/05/07 12:0 a.m.•6 views

Exploits0

Important Photon OS Security Update - PHSA-2026-5.0-0842

Updates of 'mysql', 'dotnet-runtime' packages of Photon OS have been released...

6.5CVSS6.8AI score0.00047EPSS

Exploits0

Github Security Blog•added 2026/05/06 9:31 p.m.•16 views

Duplicate Advisory: OpenClaw: Workspace dotenv could override runtime-control environment variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hxvm-xjvf-93f3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace...

8.5CVSS5.7AI score0.00024EPSS

Exploits0References5Affected Software1

EUVD•added 2026/05/06 9:31 p.m.•6 views

EUVD-2026-28195

OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime...

8.8CVSS5.9AI score0.00101EPSS

EUVD•added 2026/05/06 9:31 p.m.•2 views

EUVD-2026-28194

OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAWGITDIR to manipulate trusted OpenClaw runtime behavior...

OSV•added 2026/05/06 9:31 p.m.•9 views

GHSA-9R9J-3R2W-FG3V Duplicate Advisory: OpenClaw: Workspace dotenv could override runtime-control environment variables

8.5CVSS5.7AI score0.00024EPSS

RedhatCVE•added 2026/05/06 8:21 p.m.•6 views

CVE-2026-43528

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

7.1CVSS5.8AI score0.00094EPSS

Exploits0References1

NVD•added 2026/05/06 8:16 p.m.•4 views

CVE-2026-44114

8.5CVSS0.00024EPSS

ATTACKERKB•added 2026/05/06 7:49 p.m.•3 views

CVE-2026-44115

8.8CVSS5.9AI score0.00101EPSS

Cvelist•added 2026/05/06 7:49 p.m.•23 views

CVE-2026-44114 OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv

8.5CVSS0.00024EPSS

ATTACKERKB•added 2026/05/06 7:49 p.m.•3 views

CVE-2026-44114

CVE•added 2026/05/06 7:49 p.m.•11 views

CVE-2026-44114

OpenClaw prior to version 2026.4.20 contains a namespace reservation flaw in workspace dotenv handling: OPENCLAW_ runtime-control variables are not properly reserved, allowing a malicious workspace to override critical runtime variables (e.g., OPENCLAW_GIT_DIR) and influence source-update or inst...

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/06 7:49 p.m.•6 views

CVE-2026-44114 OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv