OESA-2026-2165 opencryptoki security update

openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...

CVE-2026-5324 Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

CLSA-2026-1777541147 squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...

mysql: Fix of CVE-2018-2755

CVE-2018-2755: harden binlog event decoding against corrupt binary log files BUG24365972...

CLSA-2026-1777683582 mysql: Fix of CVE-2018-2755

CVE-2018-2755: harden binlog event decoding against corrupt binary log files BUG24365972...

Tracing the Dynamics of Refusal: Exploiting Latent Refusal Trajectories for Robust Jailbreak Detection

Representation Engineering typically relies on static refusal vectors derived from terminal representations. We move beyond this paradigm, demonstrating that refusal is a dynamic and sparse process rather than a localized outcome. Using Causal Tracing, we uncover the Refusal Trajectory-a persiste...

CVE-2026-37539

Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted CAN FD frames...

CLSA-2026-1777552532 Fix CVE(s): CVE-2025-64720, CVE-2025-65018

No-source-change rebuild against libpng = 1.6.37-2+tuxcare.els2 to pick up the libpng security fixes for: - CVE-2025-64720: pngimagereadcomposite OOB read on palette images with PNGFLAGOPTIMIZEALPHA libpng 1.6.51. - CVE-2025-65018: pngimagefinishread heap buffer overflow on 16-bit interlaced PNGs...

CLSA-2026-1777538840 mysql: Fix of CVE-2018-2755

CVE-2018-2755: harden binlog event decoding against corrupt binary log files BUG24365972...

OSV-2026-653 Heap-buffer-overflow in generic_unpack

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=507413960 Crash type: Heap-buffer-overflow READ 2 Crash state: genericunpack exrdecodingrun Imf40::checkCoreFile...

Important: openexr

Issue Overview: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signe...

WOOTdroid: Whole-System Online On-Device Tracing for Android

System auditing on Android faces two problems. First, existing syscall tracers lose events under load, silently overwriting entries faster than a user space reader can drain them. Second, security-relevant application behavior is mediated through Binder, Android's kernel IPC mechanism, and is...

CVE-2026-42420

OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing decoded-size limits. Attackers can exploit multiple code paths to cause memory exhaustion or denial of service through crafted base64-encoded input...

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

CVE-2026-42420 OpenClaw < 2026.4.8 - Improper Base64 Decoding Size Validation

OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing decoded-size limits. Attackers can exploit multiple code paths to cause memory exhaustion or denial of service through crafted base64-encoded input...

CVE-2026-42420

OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing decoded-size limits, enabling memory exhaustion/DoS via crafted base64 input. Affected package: openclaw (npm); remediation patch is 2026.4.8 (commit d7c3210cd6f5fdfdc1beff4c95...

SUSE-SU-2026:21415-1 Security update for python311

This update for python311 fixes the following issue: - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970...

CVE-2026-41242

A flaw was found in protobufjs, a JavaScript JS library used for compiling protobuf definitions. A remote attacker with low privileges can exploit this vulnerability by injecting arbitrary code into the "type" fields of protobuf definitions. This malicious code will then execute during the object...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from improper input validation in the base64 decoding process. By allocating memory before enforcing a size...

SUSE-SU-2026:21447-1 Security update for python311

This update for python311 fixes the following issue: - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970...