7235 matches found

Vulnrichment
added 2026/03/18 9:27 p.m., 0 views

CVE-2026-32723 SandboxJS timers have an execution-quota bypass (cross-sandbox currentTicks race)

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

CVSS 4.8 | AI score 5.9 | EPSS 0.00005
Exploits 1 | References 2

EUVD
added 2026/03/18 6:31 p.m., 3 views

EUVD-2026-12887

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup. In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skips the failing index i, causing a...

AI score 5.8 | EPSS 0.00018
Exploits 0 | References 8

CVE
added 2026/03/18 1:34 a.m., 6 views

CVE-2026-27545

OpenClaw is affected in versions prior to 2026.2.26. The issue is an approval bypass in system.run execution, where an attacker can rebind writable parent symlinks in the current working directory after approval to modify the effective target path while the visible CWD remains unchanged. The r...

CVSS 6.9 | AI score 6.1 | EPSS 0.00028
Exploits 0 | References 7 | Affected Software 1

Vulnrichment
added 2026/03/18 1:34 a.m., 1 views

CVE-2026-27545 OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind

OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writable parent symlinks in the current working directory after approval. An attacker can modify mutabl...

CVSS 6.9 | AI score 6.1 | EPSS 0.00028
Exploits 0 | References 7

Cvelist
added 2026/03/18 1:34 a.m., 22 views

CVE-2026-27545 OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind

OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writable parent symlinks in the current working directory after approval. An attacker can modify mutabl...

CVSS 6.9 | EPSS 0.00028
Exploits 0 | References 7

Tenable Nessus
added 2026/03/18 12:00 a.m., 2 views

Slackware Linux 15.0 / current expat Multiple Vulnerabilities (SSA:2026-077-01)

The version of expat installed on the remote host is prior to 2.7.5. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-077-01 advisory. New expat packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

CVSS 5.5 | AI score 5.9 | EPSS 0.00006
Exploits 1 | References 4

Positive Technologies
added 2026/03/18 12:00 a.m., 1 views

PT-2026-26095

Detection Method: Kolega.dev Deep Code Scan

| Attribute | Value |
|---|---|
| Location | src/backend/base/langflow/api/v1/api_key.py:44-53 |
| Practical Exploitability | High |
| Developer Approver | [email protected] |

Description: The delete_api_key_route endpoint accepts an api_key_id path...

CVSS 8.8 | AI score 5.9 | EPSS 0.00057
Exploits 0 | References 7

Snyk
added 2026/03/16 4:43 p.m., 2 views

Race Condition

Overview: @nyariv/sandboxjs is a JavaScript sandboxing library. Affected versions of this package are vulnerable to Race Condition through the global currentTicks.current state shared between concurrent sandboxes. An attacker can consume excessive CPU resources and bypass execution quotas by...

CVSS 4.8 | AI score 6 | EPSS 0.00005
Exploits 1 | References 2

Slackware Linux
added 2026/03/12 5:04 a.m., 4 views

[slackware-security] libxml2

New libxml2 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libxml2-2.11.9-i586-8slack15.0.txz: Rebuilt. This update fixes security issues: CVE-2026-1757 fix: Memory leak in xmllint Shell -...

CVSS 6.2 | AI score 5.8 | EPSS 0.00088
Exploits 0

Vulnrichment
added 2026/03/12 12:00 a.m., 1 views

CVE-2026-26792

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute arbitrary...

AI score 6.1 | EPSS 0.01114
Exploits 1 | References 1

Positive Technologies
added 2026/03/12 12:00 a.m., 3 views

PT-2026-25025

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute...

AI score 6 | EPSS 0.01114
Exploits 1 | References 4

EUVD
added 2026/03/11 12:31 a.m., 0 views

EUVD-2026-10903

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

CVSS 7.8 | AI score 6.3 | EPSS 0.00045
Exploits 0 | References 2

EUVD
added 2026/03/10 6:31 p.m., 1 views

EUVD-2025-208479

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station All versions F4.11.1, Heliox Mobile DC 40 kW EV Charging Station All versions L4.10.1. Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...

CVSS 2.6 | AI score 5.7 | EPSS 0.00021
Exploits 0 | References 2

Vulnrichment
added 2026/03/10 4:07 p.m., 1 views

CVE-2025-27769

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station All versions F4.11.1, Heliox Mobile DC 40 kW EV Charging Station All versions L4.10.1. Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...

CVSS 2.6 | AI score 5.7 | EPSS 0.00021
Exploits 0 | References 1

Tenable Nessus
added 2026/03/06 12:00 a.m., 5 views

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1455)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1455 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields CVE-2025-38591 In the Linux kernel, the following vulnerability has been...

CVSS 7.8 | AI score 6.2 | EPSS 0.00047
Exploits 0 | References 98

RedhatCVE
added 2026/03/05 1:39 p.m., 3 views

CVE-2026-3094

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

CVSS 7.8 | AI score 6.1 | EPSS 0.00011
Exploits 0 | References 1

EUVD
added 2026/03/05 12:31 a.m., 6 views

EUVD-2025-208295

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set a new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise...

CVSS 4.8 | AI score 5.8 | EPSS 0.00019
Exploits 0 | References 3

Tenable Nessus
added 2026/03/05 12:00 a.m., 1 views

Slackware Linux 15.0 / current python3 Vulnerability (SSA:2026-062-01)

The version of python3 installed on the remote host is prior to 3.12.13 / 3.9.25. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-062-01 advisory. New python3 packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...

AI score 6
Exploits 0 | References 1

NVD
added 2026/03/04 11:16 p.m., 4 views

CVE-2025-41257

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set a new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise...

CVSS 4.8 | EPSS 0.00019
Exploits 0 | References 2

Vulnrichment
added 2026/03/04 10:43 p.m., 2 views

CVE-2025-41257 Suprema BioStar 2 Insecure Password Change

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set a new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise...

CVSS 4.8 | AI score 5.7 | EPSS 0.00019
Exploits 0 | References 2