CVE-2026-34660

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially...

EUVD-2026-29620

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-12659

Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process...

CVE-2025-12659

Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process...

MAL-2026-3681 Malicious code in @catamania/ui-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 326cc4cf1fbe96c77b6340df59ebea040cdd522e3e4bc76471563190044cf53a The package declares a postinstall lifecycle hook "postinstall": "node postinstall.js" in package.json that runs automatically during npm install...

PT-2026-40018

Name of the Vulnerable Software and Affected Versions Siemens Simcenter Femap affected versions not specified Description Memory corruption occurs during the parsing of specially crafted IPT files. This flaw allows an attacker to execute arbitrary code within the context of the current process...

APSB26-52 : Security update available for Adobe Substance 3D Designer

Adobe has released an update for Adobe Substance 3D Designer that addresses important vulnerabilities. Successful exploitation could lead to arbitrary file system read and arbitrary code execution in the context of the current user...

Duplicate Advisory: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r39h-4c2p-3jxp. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver tha...

GHSA-XPR6-2HGM-4WWP Duplicate Advisory: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r39h-4c2p-3jxp. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver tha...

CVE-2026-45004

OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious...

CVE-2026-45004 OpenClaw < 2026.4.23 - Arbitrary Code Execution via setup-api.js in Current Working Directory

OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious...

CVE-2026-45004

OpenClaw vulnerable to arbitrary code execution prior to version 2026.4.23. The flaw is in the bundled plugin setup resolver, which loads setup-api.js from process.cwd() during provider setup metadata resolution. An attacker can place a malicious extensions//setup-api.js in a repository and cause...

CVE-2026-45004 OpenClaw < 2026.4.23 - Arbitrary Code Execution via setup-api.js in Current Working Directory

OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious...

PT-2026-39693

OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious...

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-140.10.2esr-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For...

[slackware-security] kernel

New kernel packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/linux-5.15.205/kernel-generic-5.15.205-i586-1.txz: Upgraded. patches/packages/linux-5.15.205/kernel-generic-smp-5.15.205smp-i686-1.tx...

EUVD-2026-28700

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsdnllistenersetdoit. nfsdnllistenersetdoit uses getcurrentcred without putcred. As we can see from other callers, svcxprtcreatefromsa does not require the extra refcount. nfsdnllistenersetdoit is alwa...

CVE-2026-43394

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsdnllistenersetdoit. nfsdnllistenersetdoit uses getcurrentcred without putcred. As we can see from other callers, svcxprtcreatefromsa does not require the extra refcount. nfsdnllistenersetdoit is alwa...

CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain

In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current-mm is alive before getting user callchain It may happen that mm is already released, which leads to kernel panic. This adds the NULL check for current-mm, similarly to commit 20afc60f892d "x86,...

CVE-2026-43416

In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current-mm is alive before getting user callchain It may happen that mm is already released, which leads to kernel panic. This adds the NULL check for current-mm, similarly to commit 20afc60f892d "x86,...