| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40706 | Tuxera NTFS-3G Security Vulnerability | Tuxera | NTFS-3G | High | 8.4 | 2026-04-21 00:00:00 | Deep Dive |
| CVE-2025-70420 | Genesys Latitude Security Vulnerability | - | - | - | - | 2026-04-21 00:00:00 | Deep Dive |
| CVE-2026-35570 | OpenClaude has Sandbox Bypass via Early-Exit Logic Flaw that Allows Path Traversal | Gitlawb | openclaude | High | 8.4 | 2026-04-20 23:24:08 | Deep Dive |
| CVE-2026-35588 | Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values | nicolargo | glances | Medium | 6.3 | 2026-04-20 23:20:35 | Deep Dive |
| CVE-2026-35587 | Glances IP Plugin has SSRF via public_api that leads to credential leakage | nicolargo | glances | - | - | 2026-04-20 23:19:03 | Deep Dive |
| CVE-2026-34839 | Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS | nicolargo | glances | - | - | 2026-04-20 23:09:03 | Deep Dive |
| CVE-2026-41331 | OpenClaw < 2026.3.31 - Resource Consumption via Unauthorized Telegram Audio Preflight Transcription | OpenClaw | OpenClaw | Medium | 5.3 | 2026-04-20 23:08:18 | Deep Dive |
| CVE-2026-41330 | OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy | OpenClaw | OpenClaw | Medium | 4.4 | 2026-04-20 23:08:17 | Deep Dive |
| CVE-2026-41329 | OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner Escalation | OpenClaw | OpenClaw | Critical | 9.9 | 2026-04-20 23:08:16 | Deep Dive |
| CVE-2026-41303 | OpenClaw < 2026.3.28 - Authorization Bypass in Discord Text Approval Commands | OpenClaw | OpenClaw | High | 8.8 | 2026-04-20 23:08:16 | Deep Dive |
| CVE-2026-41302 | OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download | OpenClaw | OpenClaw | High | 7.6 | 2026-04-20 23:08:15 | Deep Dive |
| CVE-2026-41301 | OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Verification Bypass | OpenClaw | OpenClaw | Medium | 5.3 | 2026-04-20 23:08:14 | Deep Dive |
| CVE-2026-41300 | OpenClaw < 2026.3.31 - Attacker-Discovered Endpoint Preservation in Remote Onboarding | OpenClaw | OpenClaw | Medium | 6.5 | 2026-04-20 23:08:13 | Deep Dive |
| CVE-2026-41299 | OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard | OpenClaw | OpenClaw | High | 7.1 | 2026-04-20 23:08:13 | Deep Dive |
| CVE-2026-41298 | OpenClaw < 2026.4.2 - Authorization Bypass in Session Termination Endpoint | OpenClaw | OpenClaw | Medium | 5.4 | 2026-04-20 23:08:12 | Deep Dive |
| CVE-2026-41297 | OpenClaw < 2026.3.31 - Server-Side Request Forgery via Marketplace Plugin Download Redirect | OpenClaw | OpenClaw | High | 7.6 | 2026-04-20 23:08:11 | Deep Dive |
| CVE-2026-41296 | OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile | OpenClaw | OpenClaw | High | 8.2 | 2026-04-20 23:08:10 | Deep Dive |
| CVE-2026-41295 | OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during Built-in Channel Setup | OpenClaw | OpenClaw | High | 7.8 | 2026-04-20 23:08:10 | Deep Dive |
| CVE-2026-41294 | OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File | OpenClaw | OpenClaw | High | 8.6 | 2026-04-20 23:08:09 | Deep Dive |
| CVE-2026-40045 | OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway Endpoints | OpenClaw | OpenClaw | Medium | 5.7 | 2026-04-20 23:08:08 | Deep Dive |