CVE-2026-41367

OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement...

Security Bulletin: IBM Security QRadar Log Management AQL Plugin is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM Security QRadar Log Management AQL Plugin has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-24051 DESCRIPTION:...

io.automatiko.addons.services:automatiko-receive-email-addon (>=0.7.0 <=0.46.0), org.apache.camel.kafkaconnector:camel-imap-kafka-connector (>=0.1.0 <=0.11.5) +21 more potentially affected by CVE-2026-33454 via org.apache.camel:camel-mail (>=3.0.0 <=4.14.5)

org.apache.camel:camel-mail MAVEN version =3.0.0, =0.7.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =1.0.0, =3.25.0, =1.0.0, =1.0.0, =3.19.0, =3.27.3 and more Source cves: CVE-2026-33454https://...

org.apache.camel.kafkaconnector:camel-consul-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.karaf:camel-consul (>=4.10.3 <=4.14.5) +8 more potentially affected by CVE-2026-27172 via org.apache.camel:camel-consul (>=3.0.0-M1 <=4.14.5)

org.apache.camel:camel-consul MAVEN version =3.0.0-M1, =0.1.0, =4.10.3, =4.10.3, =1.0.0, =1.0.0, =1.0.0, =4.10.0, =3.0.0, =3.0.0-M1, =3.0.0-RC3 - org.wildfly.camel:wildfly-camel-itests-standalone-docker =12.0.0 Source cves: CVE-2026-27172 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321641...

io.automatiko.addons.services:automatiko-receive-email-addon (>=0.7.0 <=0.46.0), org.apache.camel.kafkaconnector:camel-imap-kafka-connector (>=0.1.0 <=0.11.5) +22 more potentially affected by CVE-2026-33454 via org.apache.camel:camel-mail (>=3.0.0-M1 <=4.14.5)

org.apache.camel:camel-mail MAVEN version =3.0.0-M1, =0.7.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =0.2.0, =3.25.0, =0.2.0, =0.2.0, =3.19.0, =3.27.3 and more Source cves: CVE-2026-33454https...

AutoForge 路径遍历漏洞

AutoForge is an intelligent coding proxy tool open source by AutoForgeAI. Version 79d02a of AutoForge contains a path traversal vulnerability, which stems from path traversal in UI/static components. This vulnerability could allow attackers to access arbitrary files...

PT-2026-35384

CVE-2026-33454 The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filt… https://t.co/aFcj2mALO4...

gdk-pixbuf2 security update

2.42.12-5 - jpeg: Reject unsupported number of components...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Research Repository !License: MIThttps://i...

[SECURITY] Fedora 44 Update: qt6-qttools-6.10.3-2.fc44

Qt6 - QtTool components...

[SECURITY] Fedora 44 Update: qt6-qtconnectivity-6.10.3-1.fc44

Qt6 - Connectivity components...

[SECURITY] Fedora 44 Update: qt6-qtcharts-6.10.3-1.fc44

Qt Charts module provides a set of easy to use chart components. It uses the Qt Graphics View Framework, therefore charts can be easily integrated to modern user interfaces. Qt Charts can be used as QWidgets, QGra phicsWidget, or QML types. Users can easily create impressive graphs by selecting o...

Linux Distros Unpatched Vulnerability : CVE-2026-31587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: qcom: q6apm: move component registration to unmanaged version q6apm component registers dais dynamically from ASoC toplology, which are allocated using...

From Stateless Queries to Autonomous Actions: A Layered Security Framework for Agentic AI Systems

Agentic AI systems face security challenges that stateless large language models do not. They plan across extended horizons, maintain persistent memory, invoke external tools, and coordinate with peer agents. Existing security analyses organize threats by attack type prompt injection, jailbreakin...

org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2026-34197 +1 more via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2026-34197, CVE-2026-40466 Source advisory: OSV:GHSA-W3W2-MPP5-92GM...

CLSA-2026-1768570589 mysql: Fix of 8 CVEs

Update to MySQL 8.0.44 - CVEs fixed: CVE-2025-53040 CVE-2025-53042 CVE-2025-53044 CVE-2025-53045 CVE-2025-53053 CVE-2025-53054 CVE-2025-53062 CVE-2025-53069...

Malicious Package

Overview auth0-ui-components-docs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2026-3024 Malicious code in auth0-ui-components-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e0d97624d1290690782d9c5e369ea2df5642da13ce61f091ea686ff4af38ce1 The package auth0-ui-components-docs was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-25325

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

CVE-2026-41271

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery SSRF vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests t...