2.9
CVE-2026-40354 - flatpak: xdg-desktop-portal: Flatpak xdg-desktop-portal: File deletion via symlink attack
Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash.
5.3
CVE-2026-3691 - OpenClaw Client PKCE Verifier Information Disclosure Vulnerability
OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization floโฆ
7.4
CVE-2026-3690 - OpenClaw Canvas Authentication Bypass Vulnerability
OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the the authenticationโฆ
6.5
CVE-2026-3689 - OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the patโฆ
7.3
CVE-2026-4158 - KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulneraโฆ
KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the target โฆ
7.5
CVE-2026-4157 - ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability
ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this vulnerability. The sโฆ
7.5
CVE-2026-4156 - ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability
ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this vulnerabiโฆ
7.5
CVE-2026-4155 - ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnโฆ
ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit โฆ
7.8
CVE-2026-4154 - GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability
GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malโฆ
7.8
CVE-2026-4153 - GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or โฆ