🟠 CVE-2026-54410 - High (8.6)

nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header() function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-controlled byte past the end of the 260-byte receive bu...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-54410/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-41005 - Critical (9)

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAuth 2.0 SAML2 bearer grant (token endpoint) and br...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41005/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-53807 - High (8.8)

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authoriz...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53807/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-53806 - High (8.8)

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without i...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53806/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-50245 - High (7.7)

Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-50245/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-50005 - High (7.7)

Brickcom cameras ship with default credentials that allow any unauthenticated remote attacker to silently access camera feeds.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-50005/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-53817 - High (8.8)

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53817/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-53814 - High (8.3)

OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token can exploit the /h...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53814/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-53813 - High (7.8)

OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts from unin...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53813/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-53812 - High (7.7)

OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger navigation to ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53812/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack