| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-29050 | melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses | chainguard-dev | melange | Medium | 6.1 | 2026-04-23 23:58:40 | Deep Dive |
| CVE-2026-40431 | SenseLive X3050 Cleartext transmission of sensitive information | SenseLive | X3050 | Medium | 5.3 | 2026-04-23 23:56:50 | Deep Dive |
| CVE-2026-27843 | SenseLive X3050 Missing authentication for critical function | SenseLive | X3050 | Critical | 9.1 | 2026-04-23 23:54:55 | Deep Dive |
| CVE-2026-39462 | SenseLive X3050 Insufficiently Protected Credentials | SenseLive | X3050 | High | 8.1 | 2026-04-23 23:52:16 | Deep Dive |
| CVE-2026-35503 | SenseLive X3050 Use of Hard-coded Credentials | SenseLive | X3050 | Critical | 9.8 | 2026-04-23 23:50:04 | Deep Dive |
| CVE-2026-25720 | SenseLive X3050 Insufficient session expiration | SenseLive | X3050 | Medium | 5.4 | 2026-04-23 23:48:17 | Deep Dive |
| CVE-2026-40630 | SenseLive X3050 Authentication bypass using an alternate path or channel | SenseLive | X3050 | Critical | 9.8 | 2026-04-23 23:45:47 | Deep Dive |
| CVE-2026-1789 | Canon multiple products security vulnerability | Canon Inc. | imagePRESS Series | Medium | 4.9 | 2026-04-23 23:38:11 | Deep Dive |
| CVE-2026-29197 | Rocket.Chat access control error vulnerability | Rocket.Chat | Rocket.Chat | - | - | 2026-04-23 23:19:41 | Deep Dive |
| CVE-2026-6732 | Libxml2: libxml2: denial of service via crafted xsd-validated document | Red Hat | Red Hat Enterprise Linux 10 | Medium | 6.5 | 2026-04-23 22:19:34 | Deep Dive |
| CVE-2026-41361 | OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges | OpenClaw | OpenClaw | High | 7.1 | 2026-04-23 21:58:19 | Deep Dive |
| CVE-2026-41360 | OpenClaw < 2026.4.2 - Approval Integrity Bypass in pnpm dlx Local Script Binding | OpenClaw | OpenClaw | Medium | 6.7 | 2026-04-23 21:58:18 | Deep Dive |
| CVE-2026-41359 | OpenClaw < 2026.3.28 - Privilege Escalation via operator.write to Admin-Class Telegram Config and Cron Persistence | OpenClaw | OpenClaw | High | 7.1 | 2026-04-23 21:58:18 | Deep Dive |
| CVE-2026-41358 | OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context | OpenClaw | OpenClaw | Medium | 5.4 | 2026-04-23 21:58:17 | Deep Dive |
| CVE-2026-41357 | OpenClaw < 2026.3.31 - Unsanitized Environment Variable Leakage in SSH Sandbox Backends | OpenClaw | OpenClaw | Low | 3.3 | 2026-04-23 21:58:16 | Deep Dive |
| CVE-2026-41355 | OpenShell < 2026.3.28 - Arbitrary Code Execution via Mirror Mode Sandbox File Conversion | OpenClaw | OpenClaw | High | 7.3 | 2026-04-23 21:58:15 | Deep Dive |
| CVE-2026-41356 | OpenClaw < 2026.3.31 - Incomplete WebSocket Session Termination in device.token.rotate | OpenClaw | OpenClaw | Medium | 5.4 | 2026-04-23 21:58:15 | Deep Dive |
| CVE-2026-41354 | OpenClaw < 2026.4.2 - Insufficient Scope in Zalo Webhook Replay Dedupe Keys | OpenClaw | OpenClaw | Low | 3.7 | 2026-04-23 21:58:14 | Deep Dive |
| CVE-2026-41353 | OpenClaw < 2026.3.22 - allowProfiles Bypass via Profile Mutation and Runtime Selection | OpenClaw | OpenClaw | High | 8.1 | 2026-04-23 21:58:13 | Deep Dive |
| CVE-2026-41352 | OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass | OpenClaw | OpenClaw | High | 8.8 | 2026-04-23 21:58:12 | Deep Dive |