PT-2026-28598

Name of the Vulnerable Software and Affected Versions ruby-lsp versions prior to 0.10.2 ruby-lsp gem versions prior to 0.26.9 Description The rubyLsp.branch VS Code workspace setting was used in generating a Gemfile without proper sanitization, potentially allowing arbitrary Ruby code execution...

CVE-2026-4198

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...

CVE-2026-32898

OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerability in the ACP client that auto-approves tool calls based on untrusted toolCall.kind metadata and permissive name heuristics. Attackers can bypass interactive approval prompts for read-class operations by spoofing tool...

CVE-2026-23331

In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. Let's say we bind an UDP socket to the wildcard address with a non-zero port, connect it to an address, and disconnect it from the address. bind sets...

CVE-2026-23331

In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. Let's say we bind an UDP socket to the wildcard address with a non-zero port, connect it to an address, and disconnect it from the address. bind sets...

CVE-2026-23331 udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected.

In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. Let's say we bind an UDP socket to the wildcard address with a non-zero port, connect it to an address, and disconnect it from the address. bind sets...

Incorrect Authorization

Overview org.apache.activemq:artemis-openwire-protocol is a package for activemq. Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempt...

GHSA-F4GC-MWRG-Q36R Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

CVE-2026-32642 Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

Exploit for CVE-2026-33017

CVE-2026-33017-Langflow-RCE-PoC The vulnerability in Langflow...

DuckDuckGo: RCE + PAT Exfiltration via pull_request_target in privacy-configuration/auto-respond-pr.yml — Direct Supply Chain to All DDG Browsers

A vulnerability was discovered in the "auto-respond-pr.yml" GitHub Actions workflow of the "privacy-configuration" repository. The workflow used the "pullrequesttarget" trigger, which checked out the fork's repository as both the "base" and "PR" branches. This allowed an attacker to control the...

GHSA-RCX4-77X4-HJX5 Duplicate Advisory: OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7jx5-9fjg-hp4m. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerability in the ACP client that auto-approv...

Duplicate Advisory: OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7jx5-9fjg-hp4m. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerability in the ACP client that auto-approv...

CVE-2026-32898 OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata

OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerability in the ACP client that auto-approves tool calls based on untrusted toolCall.kind metadata and permissive name heuristics. Attackers can bypass interactive approval prompts for read-class operations by spoofing tool...

EUVD-2026-13976

OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerability in the ACP client that auto-approves tool calls based on untrusted toolCall.kind metadata and permissive name heuristics. Attackers can bypass interactive approval prompts for read-class operations by spoofing tool...

CVE-2026-32898

CVE-2026-32898 affects OpenClaw versions prior to 2026.2.23, specifically the ACP client. The issue is an authorization bypass where tool calls are auto-approved based on untrusted toolCall.kind metadata and permissive name heuristics. Attackers can bypass interactive approval prompts for read-cl...

CVE-2026-32933 AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...

PT-2026-26297

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.1.53 Description Claude Code is an agentic coding tool that experienced a loading order issue in its settings loader. The software resolved the permission mode from settings files, such as the...

Malicious code in ai-fast-auto-trader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8b2575eb64d69c961ae4e503747238d564d354049b7bdc75c814eceaa941fd5 The package ai-fast-auto-trader was found to contain malicious code...