
7235 matches found

Cvelist
added 2026/03/04 10:43 p.m., 18 views

CVE-2025-41257 Suprema BioStar 2 Insecure Password Change

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise...

CVSS 4.8 | EPSS 0.00019
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/04 5:15 p.m., 2 views

CVE-2019-25503

PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue...

CVSS 7.1 | AI score 6.2 | EPSS 0.00101
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2026/03/04 9:31 a.m., 4 views

EUVD-2026-9386

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

CVSS 7.8 | AI score 6.1 | EPSS 0.00011
Exploits: 0 | References: 2

NVD
added 2026/03/04 9:15 a.m., 6 views

CVE-2026-3094

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

CVSS 7.8 | EPSS 0.00011
Exploits: 0 | References: 1

CNNVD
added 2026/03/04 12:00 a.m., 1 view

Suprema BioStar Security Vulnerability

Suprema BioStar is a web-based, open-integrated security platform developed by the South Korean company Suprema. It offers comprehensive features for access control, attendance management, guest management, and video log maintenance. A security vulnerability exists in the version 2.2.9.11.6 of...

CVSS 4.8 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/04 12:00 a.m., 5 views

PT-2026-22885

Name of the Vulnerable Software and Affected Versions Delta Electronics CNCSoft-G2 affected versions not specified Description Delta Electronics CNCSoft-G2 does not properly validate user-supplied files. An attacker can exploit this by having a user open a malicious file, potentially leading to...

CVSS 7.8 | AI score 6.2 | EPSS 0.00011
Exploits: 0 | References: 7

OpenVAS
added 2026/03/04 12:00 a.m., 2 views

Slackware: Security Advisory (SSA:2026-062-01)

The remote host is missing an update for the...

AI score 6
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/04 12:00 a.m., 3 views

PT-2026-23078

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise...

CVSS 4.8 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/04 12:00 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005573)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005573 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad Check for overflow when computing alen in...

CVSS 7.8 | AI score 6.8 | EPSS 0.00013
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/04 12:00 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005505)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005505 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balanc...

CVSS 7.8 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 4

Tenable Nessus
added 2026/03/04 12:00 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005710)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005710 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balanc...

CVSS 7.8 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 4

Slackware Linux
added 2026/03/03 9:56 p.m., 4 views

[slackware-security] python3

New python3 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/python3-3.9.25-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues. For details, see...

AI score 6
Exploits: 0

Snyk
added 2026/03/03 7:18 p.m., 2 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via system.run when a mutable symlink is used as the cwd target between approval and execution. An attacker can execute commands in an...

CVSS 8.7 | AI score 5.9 | EPSS 0.0001
Exploits: 0 | References: 3

OSV
added 2026/03/03 7:18 p.m., 19 views

GHSA-MWCG-WFQ3-4GJC OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host

Summary In [email protected], approval-bound system.run on node hosts could be influenced by mutable symlink cwd targets between approval and execution. Details Approval matching on the gateway validated command/argv and binding fields, including cwd, as provided text. Node execution later used...

CVSS 5.8 | AI score 6.1 | EPSS 0.0001
Exploits: 0 | References: 5

Tenable Nessus
added 2026/03/03 12:00 a.m., 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005737)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005737 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balanc...

CVSS 7.8 | AI score 6.4 | EPSS 0.00017
Exploits: 0 | References: 4

Snyk
added 2026/03/02 11:35 p.m., 4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the host=node executions. An attacker can execute commands from an unintended filesystem location by rebinding a writable parent symlink...

CVSS 8.7 | AI score 6 | EPSS 0.00028
Exploits: 0 | References: 3

Github Security Blog
added 2026/03/02 11:35 p.m., 8 views

OpenClaw: Node system.run approval bypass via parent-symlink cwd rebind

Summary For host=node executions, approval context could be bypassed after approval-time by rebinding a writable parent symlink in cwd while preserving the visible cwd string. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.26 planned next npm release Impact A command...

CVSS 6.9 | AI score 6 | EPSS 0.00028
Exploits: 0 | References: 9 | Affected Software: 1

CNVD
added 2026/03/02 12:00 a.m., 1 view

Adobe After Effects suffers from an out-of-bounds read vulnerability (CNVD-2026-12689)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. An out-of-bounds read vulnerability exists in Adobe After Effects 25.6 and...

CVSS 7.8 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 1

CNVD
added 2026/03/02 12:00 a.m., 1 view

Use-After-Free Vulnerability in Adobe After Effects 25.6 and Prior Versions

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. Adobe After Effects 25.6 and earlier versions suffer from a Memory Free Aft...

CVSS 7.8 | AI score 6.1 | EPSS 0.00015
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/02 12:00 a.m., 4 views

PT-2026-26019

Summary For host=node executions, approval context could be bypassed after approval-time by rebinding a writable parent symlink in cwd while preserving the visible cwd string. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.26 planned next npm release Impact A command...

CVSS 8.7 | AI score 5.9 | EPSS 0.00028
Exploits: 0 | References: 12