CVSS: 5.8 | EPSS: % | CPEs: 1 | EXPL: 0
CVE-2026-42427 – OpenClaw < 2026.4.8 - Remote Code Execution via Build Tool Environment Variable Injection
https://notcve.org/view.php?id=CVE-2026-42427
28 Apr 2026 — OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence host exec commands and achieve arbitrary code execution. • https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-build-tool-environment-variable-injection • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 8.8 | EPSS: % | CPEs: 1 | EXPL: 0
CVE-2026-41378 – OpenClaw < 2026.3.31 - Privilege Escalation to Remote Code Execution via Unrestricted node.event Agent Dispatch
https://notcve.org/view.php?id=CVE-2026-41378
28 Apr 2026 — Attackers with trusted paired node credentials can escalate privileges by leveraging unrestricted agent.request dispatch to achieve remote code execution on the gateway. • https://www.vulncheck.com/advisories/openclaw-privilege-escalation-to-remote-code-execution-via-unrestricted-node-event-agent-dispatch • CWE-862: Missing Authorization •
CVSS: 6.1 | EPSS: % | CPEs: 1 | EXPL: 0
CVE-2026-41373 – OpenClaw < 2026.3.31 - Compiler Binary Substitution via Environment Variable Override in Host Execution Policy
https://notcve.org/view.php?id=CVE-2026-41373
28 Apr 2026 — Attackers with approved host-exec requests can override compiler binaries to execute arbitrary code during build processes. • https://github.com/openclaw/openclaw/security/advisories/GHSA-g8xp-qx39-9jq9 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.2 | EPSS: % | CPEs: 1 | EXPL: 1
CVE-2026-27760 – OpenCATS PHP Code Injection via installer AJAX endpoint
https://notcve.org/view.php?id=CVE-2026-27760
28 Apr 2026 — OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define() string context in config.php using a single quote and statement separator to inject malicious PHP code that persists and executes on every subsequent page load when the installation ... • https://chocapikk.com/posts/2026/opencats-installer-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.7 | EPSS: % | CPEs: 1 | EXPL: 0
CVE-2026-40552 – Remote Code Execution in mpGabinet
https://notcve.org/view.php?id=CVE-2026-40552
28 Apr 2026 — mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remote network resource. Alternatively, it is possible to use a previously uploaded file and change its reference. When the application processes the attachment, and a user tries to open it, the referenced resource is ex... • https://cert.pl/posts/2026/04/CVE-2026-40550 • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-10539 – Improper TLS Certificate Validation RCE via Malicious Update in DeskTime Time Tracking App
https://notcve.org/view.php?id=CVE-2025-10539
28 Apr 2026 — This allows the attacker to achieve user-level remote code execution on the affected client. • https://sec-consult.com/vulnerability-lab/advisory/missing-tls-certificate-validation-leading-to-rce-in-desktime-time-tracking-app • CWE-295: Improper Certificate Validation CWE-296: Improper Following of a Certificate's Chain of Trust CWE-494: Download of Code Without Integrity Check •
CVSS: - | EPSS: 0% | CPEs: - | EXPL: 0
CVE-2025-60889
https://notcve.org/view.php?id=CVE-2025-60889
28 Apr 2026 — Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts. • http://hpx.com •
CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2026-40972
https://notcve.org/view.php?id=CVE-2026-40972
27 Apr 2026 — In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code execution in the remote application. • https://spring.io/security/cve-2026-40972 • CWE-208: Observable Timing Discrepancy •
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 2
CVE-2026-41463 – ProjeQtor < 12.4.4 ZipSlip Path Traversal via uploadPlugin.php
https://notcve.org/view.php?id=CVE-2026-41463
27 Apr 2026 — Attackers can exploit unvalidated archive extraction to write a PHP webshell to a web-accessible directory and achieve remote code execution with the privileges of the web server process. • https://damiri.fr/en/cves/CVE-2026-41463 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-33453 – Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution
https://notcve.org/view.php?id=CVE-2026-33453
27 Apr 2026 — Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to header-sensitive producers (e.g. camel-exec). The camel-coap component maps incoming CoAP request URI query parameters directly into Camel Exchange In message headers without applying any HeaderFilterStrategy. ... As a result, an unauthenticated attacker who can send a single CoAP UDP packet to a Camel route consuming from coap:// can ... • https://camel.apache.org/security/CVE-2026-33453.html • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •
