30 matches found
CVE-2026-44998
creationtimestamp| type| source
---|---|---
2026-05-11 18:42:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mllwhcxklc2i...
CVE-2026-44998 OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools
OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/de...
@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +15 more potentially affected by CVE-2026-44998 via openclaw (>=2026.3.22 <=2026.4.12)
openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.8 and more Source cves: CVE-2026-44998 Source advisory: SNYK:JS-OPENCLAW-16298052...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-44998)
atm: idt77252: use after free in dequeue_rx(). This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. #%NASL_MIN_LEVEL 80900 # (C) Tenable, Inc. include('compat.inc'); if (description) { script_id(504512); script_version("1.2");...
EUVD-2025-44998
Malicious code in tomi-moci31-sukiwir npm...
CVE-2024-44998
creationtimestamp| type| source
---|---|---
2025-08-14 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07...
CVE-2025-44998
A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter...
CVE-2025-44998
creationtimestamp| type| source
---|---|---
2025-05-23 19:44:53+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17454
2025-05-23 21:54:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpummy4lhz2m...
CVE-2025-44998
A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter...
CVE-2025-44998
CVE-2025-44998 is a stored XSS in TinyFileManager v2.4.7, triggered in the /tinyfilemanager.php component via the js-theme-3 parameter. The vulnerability allows injecting arbitrary JavaScript/HTML, with PoCs showing script execution across the page and up to the login screen. Public exploit/PoC e...
Linux Distros Unpatched Vulnerability : CVE-2024-44998
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - atm: idt77252: prevent use after free in dequeue_rx() We can't dereference skb after calling vcc->push() because the skb is released. (CVE-2024-44998) Note that Nessus...
Azure Linux 3.0 Security Update: kernel (CVE-2024-44998)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-44998 advisory. - In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in...
CVE-2024-44998 affecting package kernel for versions less than 6.6.51.1-1
CVE-2024-44998 affecting package kernel for versions less than 6.6.51.1-1. An upgraded version of the package is available that resolves this issue...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-44998)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-44998 advisory. - In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in...
CVE-2024-44998 affecting package kernel for versions less than 5.15.167.1-1
CVE-2024-44998 affecting package kernel for versions less than 5.15.167.1-1. An upgraded version of the package is available that resolves this issue...
SUSE-SU-2024:3592-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607). - CVE-2022-48911: kabi: add nfqueuegetrefs for kabi compliance...
SUSE-SU-2024:3591-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47387: cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (bsc#1225316). - CVE-2022-48788: nvme-rdma: fix possible use-after-free in...
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:3559-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3559-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following securi...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3561-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3561-1 advisory. The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The...
SUSE-SU-2024:3559-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47387: cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (bsc#1225316). - CVE-2022-48788: nvme-rdma: fix possible use-after-free in transpor...