NVD disclosure day
CVE-2026-40281
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Gotenberg versions prior to 8.31.0 have a critical flaw allowing unauthenticated attackers to rename, move, or overwrite files processed by the service, potentially impacting sensitive data.
CVE-2026-44109
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
OpenClaw systems have a critical flaw allowing attackers to run any command by bypassing security checks, potentially impacting Feishu integrations.
CVE-2026-43585
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
OpenClaw gateways can be accessed by revoked credentials, allowing unauthorized users to bypass security controls and access your systems.
CVE-2026-43578
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An internal attacker with existing access can manipulate background processes within OpenClaw to bypass intended security settings. This could allow them to gain elevated permissions and obtain full administrative control over the system.
CVE-2026-43575
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
OpenClaw versions 2026.2.21 before 2026.4.10 have a critical flaw allowing attackers to bypass authentication and seize control of interactive browser sessions.
CVE-2026-40076
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An internal attacker with module management access can manipulate OpenMRS Core to gain full control over the system. This unauthorized access could lead to a compromise of sensitive data and critical business operations.
CVE-2026-7910
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An external attacker could exploit a flaw in Google Chrome to bypass security protections that keep website data separate. This could allow them to steal sensitive information or user credentials when a user visits a malicious website.
CVE-2026-7908
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An external attacker can exploit a flaw in the Google Chrome browser by tricking a user into visiting a malicious website. This allows the attacker to bypass built-in security to run code and gain full administrative control over an employee's computer.
CVE-2026-41930
Halo Surface Signal: 3 out of 5 — possibly public-facing.
Vvveb uses preset database passwords that allow an external attacker to access the system's management interface. This exposes sensitive customer information and administrator accounts to theft or manipulation, risking complete application compromise.
CVE-2026-0300
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
A critical flaw in Palo Alto firewalls' User-ID service allows attackers to gain full control of the device remotely without authentication. This vulnerability warrants immediate attention due to its potential for widespread network compromise.
CVE-2026-29090
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An internal attacker with valid credentials can use Rucio to execute unauthorized database commands. This allows them to steal or delete sensitive company data and potentially take control of the database server, putting business operations at risk.
CVE-2026-29080
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An internal attacker can exploit a flaw in the Rucio platform to gain full database access. This allows them to steal sensitive information such as account credentials and proprietary data, risking a total compromise of the system’s managed information.
CVE-2026-5081
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A flaw in Apache::Session::Generate::ModUniqueId can allow attackers to guess session IDs, potentially letting them take over user accounts in web applications. This issue deserves attention now as it affects internet-facing applications and could lead to unauthorized access.
CVE-2026-43208
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical flaw in the Linux kernel's networking code can let attackers crash systems or gain unauthorized control. This affects how your Linux servers handle internet traffic, making it a top priority to fix.
CVE-2026-43198
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
A critical flaw in the Linux kernel could allow unauthorized access or service disruption by exploiting how network connections are handled. This warrants immediate attention as it affects core system functions.
CVE-2026-43197
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An internal attacker with existing system access could exploit a flaw in the Linux kernel's logging component to crash the system or steal sensitive information like cryptographic keys. This risk is significant as it could lead to unauthorized data exposure and unplanned business downtime.
CVE-2026-43186
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An external attacker can send malicious network traffic to the Linux kernel, triggering a system crash. This vulnerability could be exploited to cause unexpected service outages and disrupt critical network infrastructure.
CVE-2026-43185
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An external attacker can send malicious requests to the Linux file sharing service, potentially causing system crashes or granting them full control over the server. This poses a significant risk by enabling unauthorized access to the operating system and disrupting critical business operations.
CVE-2026-43125
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An internal attacker could exploit a flaw in the Linux kernel to crash servers or gain full system control by sending malformed network messages. This risks critical business disruptions and the loss of essential infrastructure availability.
CVE-2025-59852
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
HCL DFXAnalytics transmits information without encryption, allowing an external attacker to intercept network traffic and steal login credentials. This exposes sensitive data and could allow unauthorized parties to gain administrative control over the application.
CVE-2025-59851
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
HCL DFXAnalytics has a critical flaw that allows unpatched libraries to be exploited. This means attackers can gain unauthorized access to customer data or services over the internet without needing special privileges.
CVE-2026-43117
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An internal attacker with existing system access can exploit a vulnerability in the Linux kernel’s Btrfs storage component to trigger an unrecoverable system crash. This could cause unexpected service outages and disrupt critical business operations reliant on this storage technology.
CVE-2026-43114
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A security flaw in the Linux kernel firewall could allow an internal attacker with existing administrative privileges to manipulate network rules and bypass security policies. This could lead to unauthorized access to sensitive network services or hosts.
CVE-2026-43083
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An external attacker can send specific network traffic to the Linux kernel to trigger an immediate system crash. By doing so, they could force a recurring outage and disrupt the availability of critical network services.
CVE-2026-40010
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A serious security flaw in Apache Wicket lets attackers steal user accounts by tricking users into clicking a bad link. This affects internet-facing applications and could let unauthorized individuals access sensitive data.