
3653 matches found

OSV
added 2026/04/18 1:15 a.m., 2 views

GHSA-8M29-FPQ5-89JJ Zebra Vulnerable to Consensus Divergence in Transparent Sighash Hash-Type Handling

CVE-2026-41583: Consensus Divergence in Transparent Sighash Hash-Type Handling Summary After a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network upgrade. Zebra nodes could thus...

CVSS 9.3, AI score 5.8, EPSS 0.00278
Exploits: 0, References: 4
Positive Technologies
added 2026/04/18 12:00 a.m., 6 views

PT-2026-37129

Name of the Vulnerable Software and Affected Versions zebrad versions prior to 4.3.1 zebra-script versions prior to 5.0.2 Description Following a refactoring of the verification process for transparent transactions, Zebra failed to validate a consensus rule restricting the possible values of...

CVSS 9.3, AI score 5.8, EPSS 0.00278
Exploits: 0, References: 14
Packet Storm News
added 2026/04/18 12:00 a.m., 7 views

Enclawed: A Configurable, Sector-Neutral Hardening Framework for Single-User AI Assistant Gateways

We present enclawed, a hard-fork hardening framework built on top of the OpenClaw single-user personal artificial intelligence AI assistant gateway. enclawed targets deployments that need attestable peer trust, deny-by-default external connectivity, signed-module loading, and a tamper-evident aud...

AI score 6
Exploits: 0
GithubExploit
added 2026/04/17 3:59 p.m., 99 views

Exploit for Incorrect Authorization in Polkit_Project Polkit

CVE-2021-3560-Polkit-Privilege-Esclation PoC Original rese...

CVSS 7.8, AI score 7.4, EPSS 0.22193
Exploits: 37
Microsoft CVE
added 2026/04/17 2:00 p.m., 3 views

Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 3.1, AI score 5.7, EPSS 0.00207
Exploits: 0
ATTACKERKB
added 2026/04/17 1:45 p.m., 2 views

CVE-2026-6491

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function imminposvec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...

CVSS 5.3, AI score 5.6, EPSS 0.0016
Exploits: 0, References: 7
RedHat Linux
added 2026/04/17 11:29 a.m., 4 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: valkey: valkey-9.0.3-1.2.hum1 aarch64, x86_64 valkey-compat-redis-9.0.3-1.2.hum1 noarch valkey-compat-redis-devel-9.0.3-1.2.hum1 noarch valkey-devel-9.0.3-1.2.hum1 aarch64, x86_64...

CVSS 7.5, AI score 5.8, EPSS 0.00388
Exploits: 0, References: 3
SUSE Linux
added 2026/04/16 10:40 a.m., 4 views

Security update for freerdp

This update for freerdp fixes the following issues: Security fixes: CVE-2026-26271: Buffer overread in FreeRDP icon processing bsc1258979. CVE-2026-26955: Out-of-Bounds write in ClearCodec surface command handler bsc1258982. CVE-2026-26965: Out-of-bounds write in planar bitmap RLE decompression...

CVSS 8.8, AI score 6.7, EPSS 0.00532
Exploits: 5, References: 30
Vulnrichment
added 2026/04/15 6:57 p.m., 3 views

CVE-2026-21727 Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record

--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: " Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cve: CVE-2026-21727 cvssscore: "3.3" cvssvector:...

CVSS 3.3, AI score 5.7, EPSS 0.00204
Exploits: 0, References: 1
SUSE CVE
added 2026/04/14 11:26 p.m., 4 views

SUSE CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

CVSS 5.3, AI score 5.8, EPSS 0.00535
Exploits: 1, References: 4
OSV
added 2026/04/14 12:04 a.m., 4 views

GHSA-P4H8-56QP-HPGV SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh

Impact A crafted hostAlias argument such as -oProxyCommand=... was passed to ssh/scp without an argument terminator. SSH interprets arguments starting with - as options regardless of position, so the option-injection caused SSH to execute the attacker-supplied ProxyCommand locally on the machine...

CVSS 8.7, AI score 6.1
Exploits: 0, References: 4
RedhatCVE
added 2026/04/13 7:37 p.m., 5 views

CVE-2026-33551

A flaw was found in OpenStack Keystone. An authenticated user with a reader role can exploit a vulnerability in the EC2 credential creation endpoint. By using a restricted application credential to call the EC2 credential creation API, the user may obtain EC2/S3 credentials that carry the full se...

CVSS 3.5, AI score 5.8, EPSS 0.0022
Exploits: 1, References: 6
Cvelist
added 2026/04/13 1:40 p.m., 26 views

CVE-2026-31424 netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP

In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP Weiming Shi says: xt_match and xt_target structs registered with NFPROTO_UNSPEC can be loaded by any protocol family through nft_compat. When such a...

EPSS 0.00117
Exploits: 0, References: 8
Microsoft CVE
added 2026/04/11 12:31 a.m., 1 views

Chromium: CVE-2026-5867 Heap buffer overflow in WebML

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 4.3, AI score 5.8, EPSS 0.00286
Exploits: 0
EUVD
added 2026/04/10 4:03 p.m., 3 views

EUVD-2026-21430

OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the...

CVSS 5.3, AI score 5.8, EPSS 0.00272
Exploits: 0, References: 3
EUVD
added 2026/04/10 6:31 a.m., 0 views

EUVD-2026-21294

wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...

CVSS 8.6, AI score 6, EPSS 0.00184
Exploits: 0, References: 2
Snyk
added 2026/04/10 5:08 a.m., 5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the wolfSSL_X509_verify_cert function. An attacker can bypass certificate signature validation by supplying a certificate chain where an untrusted intermediate with Basic Constraints set to CA:FALSE is...

CVSS 8.6, AI score 5.8, EPSS 0.00184
Exploits: 0, References: 2
NVD
added 2026/04/10 4:17 a.m., 2 views

CVE-2026-5501

wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...

CVSS 8.6, EPSS 0.00184
Exploits: 0, References: 1
OSV
added 2026/04/10 4:17 a.m., 5 views

DEBIAN-CVE-2026-5501

wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...

CVSS 8.1, AI score 5.6, EPSS 0.00184
Exploits: 0, References: 1
OSV
added 2026/04/10 4:17 a.m., 3 views

UBUNTU-CVE-2026-5501

wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...

CVSS 8.6, AI score 5.9, EPSS 0.00184
Exploits: 0, References: 3