Lucene search

2725 matches found

EUVD
added 2026/05/12 3:31 a.m. | 5 views

EUVD-2026-29372

Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the applicati...

CVSS 9.6 | AI score 6 | EPSS 0.0061
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/12 12:0 a.m. | 8 views

PT-2026-40349

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx...

CVSS 9.2 | AI score 6.7 | EPSS 0.00434
Exploits: 0 | References: 3
CNNVD
added 2026/05/12 12:0 a.m. | 7 views

SPIP code injection vulnerability

SPIP is open-source software created by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.14 had a code injection vulnerability. This vulnerability stemmed from remote code execution in public spaces under certain Nginx configurations, potentially allowing arbitrary code to be...

CVSS 9.2 | AI score 6.5 | EPSS 0.00434
Exploits: 0 | References: 1
CNNVD
added 2026/05/12 12:0 a.m. | 9 views

Craft CMS security vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS from 4.0.0 to 4.17.12 and 5.9.18 contained security vulnerabilities. These vulnerabilities stemmed from input handling defects in the Yii object creation path, which could allow any authenticated...

CVSS 8.6 | AI score 6 | EPSS 0.00346
Exploits: 0 | References: 1
EUVD
added 2026/05/11 6:31 p.m. | 24 views

EUVD-2026-29151

OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...

CVSS 8.8 | AI score 5.8 | EPSS 0.00489
Exploits: 0 | References: 4
EUVD
added 2026/05/11 6:31 p.m. | 5 views

EUVD-2026-29140

OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations can pass dangerous startup variables like NODE_OPTIONS, LD_PRELOAD, or BASH_ENV to spawne...

CVSS 7.3 | AI score 6.1 | EPSS 0.00136
Exploits: 0 | References: 5
GitHub Security Blog
added 2026/05/11 6:31 p.m. | 8 views

Duplicate Advisory: OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mj59-h3q9-ghfh. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server...

CVSS 7.3 | AI score 6.1 | EPSS 0.00136
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2026/05/11 6:16 p.m. | 24 views

CVE-2026-45006

OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...

CVSS 8.8 | EPSS 0.00489
Exploits: 0 | References: 3
CVE
added 2026/05/11 4:46 p.m. | 16 views

CVE-2026-44995

OpenClaw contains an environment variable validation flaw in the MCP stdio server configuration before version 2026.4.20, allowing local attackers to inject code via startup variables such as NODE_OPTIONS, LD_PRELOAD, or BASH_ENV passed to spawned MCP server processes. The vulnerability is catego...

CVSS 7.3 | AI score 6.1 | EPSS 0.00136
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2026/05/11 12:0 a.m. | 7 views

OpenClaw security vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.23 contained security vulnerabilities. These vulnerabilities stemmed from improper access control in the gateway tool's config.apply and config.patch, allowing compromised models...

CVSS 8.8 | AI score 5.9 | EPSS 0.00489
Exploits: 0 | References: 1
CNNVD
added 2026/05/11 12:0 a.m. | 6 views

OpenClaw security vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities stemmed from security bypasses in the proxy’s config.patch and config.apply endpoints, which failed to protect...

CVSS 7.1 | AI score 5.8 | EPSS 0.00218
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/11 12:0 a.m. | 10 views

PT-2026-39883

Name of the Vulnerable Software and Affected Versions: MantisBT, affected versions not specified. Description: Improper escaping of the redirection page, which is retrieved from the Referer header of the request, allows an attacker to inject HTML. In certain server configurations, this can lead to...

CVSS 6.9 | AI score 5.7 | EPSS 0.00525
Exploits: 0 | References: 8
Wiz blog
added 2026/05/08 12:0 p.m. | 22 views

See and Secure Everything at the Edge with Wiz and Akamai

Akamai edge configurations are now visible on the Wiz Security Graph, giving teams a single understanding of risk from edge to runtime...

AI score 5.8
Exploits: 0
Tenable Nessus
added 2026/05/08 12:0 a.m. | 8 views

Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : EditorConfig vulnerability (USN-8238-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8238-1 advisory. It was discovered that EditorConfig incorrectly handled specially crafted configuration files. A local attacker could possibly use this issue ...

CVSS 8.6 | AI score 5.8 | EPSS 0.00151
Exploits: 0 | References: 2
Wiz blog
added 2026/05/06 3:10 p.m. | 3 views

The Jenkins Threat Landscape

What usage patterns, plugin adoption, and configuration choices reveal about the Jenkins attack surface...

AI score 5.8
Exploits: 0
EUVD
added 2026/05/06 12:30 p.m. | 4 views

EUVD-2025-209665

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...

CVSS 3.1 | AI score 5.9 | EPSS 0.00166
Exploits: 0 | References: 2
Debian CVE
added 2026/05/06 11:27 a.m. | 2 views

CVE-2026-43150

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models at least with a warning, and unknown revisions of those which we do know, as although things do...

CVSS 7.8 | AI score 5.7 | EPSS 0.00139
Exploits: 0
ATTACKERKB
added 2026/05/06 10:26 a.m. | 5 views

CVE-2025-59853

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...

CVSS 3.1 | AI score 5.9 | EPSS 0.00166
Exploits: 0 | References: 2
CNNVD
added 2026/05/06 12:0 a.m. | 4 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from out-of-bounds array index access in the ntb_hw_switchtec driver. This vulnerability may lead to...

CVSS 7.1 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/06 12:0 a.m. | 9 views

PT-2026-37441

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...

CVSS 3.1 | AI score 5.9 | EPSS 0.00166
Exploits: 0 | References: 2