4.7
CVE-2026-40977 - Spring Boot: Local file corruption via PID file manipulation
When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.…
9.1
CVE-2026-40976 - Default Web Security Misconfiguration in Spring Boot
In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter c…
4.8
CVE-2026-40975 - Weak Random Number Generator Used for Secrets in Spring Boot
Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3…
5
CVE-2026-40974 - Cassandra SSL Hostname Verification Bypass in Spring Boot Auto-Configuration
Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); Cassandra S…
5.3
CVE-2026-7200 - SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. Executing a manipulation of the argument ID can lead to cross site scripting. It is possible to launch the attack remotely. The ex…
7
CVE-2026-40973 - Local Directory Control Enables Session Hijacking and Code Execution in Spring Boot
A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack persists across application restarts, this may allow the attacker to read session information and hij…
6.9
CVE-2026-41372 - OpenClaw < 2026.4.2 - Loopback Protection Bypass via Trailing-Dot Localhost in CDP Discovery
OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost endpoints and expose b…
8.4
CVE-2026-41371 - OpenClaw < 2026.3.28 - Privilege Escalation via chat.send Reset Command
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin scope…
7.1
CVE-2026-41370 - OpenClaw < 2026.3.31 - Path Traversal via Inbound Channel Attachment Path in ACP Dispatch
OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote attackers can bypass attachment-cache and root directory checks to access files outside intended directories.
7.1
CVE-2026-41369 - OpenClaw < 2026.3.31 - Insufficient Environment Variable Sanitization in Host Execution
OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system configura…