Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005557)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005557 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad Check for overflow when computing alen in...
[slackware-security] gvfs
New gvfs packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gvfs-1.48.1-i586-2slack15.0.txz: Rebuilt. This update fixes security issues: ftp: Use control connection address for PASV data. ftp:...
Malicious code in randomstringgen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9fc95ea566ad1938f7f75123eee2d8b3365bf55f06d7aa8a5f569f5e4c696132 Using the provided function results in exfiltrating the current running file likely the user's script to the hardcoded location. --- Category: MALICIOUS - The...
[slackware-security] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-140.8.0esr-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For...
CVE-2026-27757
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persisten...
CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
Important: libpng15 security update
The libpng15 package provides libpng 1.5, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. Security Fixes: libpng: LIBPNG has a heap buffer overflow i...
CVE-2019-25366
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...
Xmind Security Vulnerability
Xmind is a mind mapping software developed by Xmind Corporation. There is a security vulnerability in Xmind, which stems from insufficient user interface warnings when processing attachments. This vulnerability could allow remote attackers to execute arbitrary code within the current user...
CVE-2026-27001 OpenClaw: Unsanitized CWD path injection into LLM prompts
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters for example...
Arbitrary Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Command Injection due to embedding the current working directory path into LLM prompts without sanitization. An attacker can manipulate agent behavior or cause disclosure of...
Wiz Named a Leader in The Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026
Forrester’s CNAPP evaluation rated Wiz with the highest Current Offering category score, which we believe reflects our commitment to protecting everything built and run in the cloud...
nodejs: Nodejs file permissions bypass
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
[slackware-security] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-140.7.2esr-i686-1slack15.0.txz: Upgraded. This update contains a security fix: Heap buffer overflow ...
[slackware-security] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-140.7.1esr-i686-1slack15.0.txz: Upgraded. This update contains a security fix: Heap buffer overflow in libvp...
[slackware-security] lrzip
New lrzip packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/lrzip-0.660-i586-1slack15.0.txz: Upgraded. Address multiple potential security issues with crafted or corrupt archives. Security fix...
[slackware-security] libssh
New libssh packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libssh-0.11.4-i586-1slack15.0.txz: Upgraded. This update fixes security issues: SCP Protocol Path Traversal in ssh_scp_pull_request...
Slackware: Security Advisory (SSA:2026-047-03)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2026-047-04)
The version of mozilla-thunderbird installed on the remote host is prior to 140.7.2esr. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-047-04 advisory. New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has...