9021 matches found

Cvelist
added 2026/05/06 7:40 a.m., 27 views

CVE-2026-43110 wifi: brcmfmac: validate bsscfg indices in IF events

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events. brcmf_fweh_handle_if_event validates the firmware-provided interface index before it touches drvr->iflist, but it still uses the raw bsscfgidx field as an array index without a...

CVSS 8.8, EPSS 0.00244
Exploits 0, References 8
ATTACKERKB
added 2026/05/06 7:40 a.m., 4 views

CVE-2026-43110

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events. brcmf_fweh_handle_if_event validates the firmware-provided interface index before it touches drvr->iflist, but it still uses the raw bsscfgidx field as an array index without a...

AI score 5.7, EPSS 0.00244
Exploits 0, References 6, Affected Software 1
CVE
added 2026/05/06 7:40 a.m., 18 views

CVE-2026-43110

CVE-2026-43110 concerns the Linux kernel brcmfmac Wi‑Fi driver. The issue arises when processing firmware interface (IF) events: the code validates the firmware-provided interface index but still uses the raw bsscfgidx as an array index without a matching range check, enabling out-of-bounds acces...

CVSS 8.8, AI score 5.8, EPSS 0.00244
Exploits 0, References 8, Affected Software 1
Debian CVE
added 2026/05/06 7:40 a.m., 5 views

CVE-2026-43110

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events. brcmf_fweh_handle_if_event validates the firmware-provided interface index before it touches drvr->iflist, but it still uses the raw bsscfgidx field as an array index without a...

CVSS 8.8, AI score 5.7, EPSS 0.00244
Exploits 0
SUSE CVE
added 2026/05/06 1:42 a.m., 3 views

SUSE CVE-2026-31782

In the Linux kernel, the following vulnerability has been resolved: perf/x86: Fix potential bad container_of in intel_pmu_hw_config. Auto counter reload may have a group of events with software events present within it. The software event PMU isn't the x86_hybrid_pmu and a container_of operation in...

CVSS 7.8, AI score 5.8, EPSS 0.00127
Exploits 0, References 3
CNNVD
added 2026/05/06 12:0 a.m., 5 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.3.31 to 2026.4.10 contained a security vulnerability. This vulnerability stemmed from a failure in the heartbeat owner’s detection mechanism, which overlooked local backend asynchrono...

CVSS 9.1, AI score 5.9, EPSS 0.00288
Exploits 0, References 1
CNNVD
added 2026/05/06 12:0 a.m., 7 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the KVM x86 architecture’s failure to handle the -EBUSY error when checking nested events,...

CVSS 5.5, AI score 5.8, EPSS 0.00119
Exploits 0, References 1
Positive Technologies
added 2026/05/06 12:0 a.m., 8 views

PT-2026-38233

Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.3.31 through 2026.4.9. Description: A privilege escalation issue exists where heartbeat owner downgrade detection fails to identify local background async exec completion events. This allows attackers to provide untrusted...

CVSS 9.1, AI score 5.9, EPSS 0.00288
Exploits 0, References 7
Positive Technologies
added 2026/05/06 12:0 a.m., 5 views

PT-2026-37420

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: In the brcmfmac component of the Linux kernel, the brcmf_fweh_handle_if_event function fails to perform a range check on the bsscfgidx field provided by the firmware. This allows the raw...

CVSS 8.8, AI score 5.8, EPSS 0.00244
Exploits 0, References 96
OSV
added 2026/05/05 10:17 p.m., 3 views

GHSA-84HM-WFH8-C5PG sse-channel: SSE Injection via unsanitized event fields

Impact: Implementations that allow user-provided values to be passed to event, retry or id fields would be susceptible to event spoofing, where an attacker could inject arbitrary messages into the stream.
- Event Spoofing: Attacker can inject arbitrary SSE events into the stream
- Client-side...

CVSS 8.7, AI score 5.9, EPSS 0.0041
Exploits 0, References 4
Snyk
added 2026/05/05 10:14 p.m., 3 views

CRLF Injection

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to CRLF Injection via the downloadICS.php process. An attacker can inject arbitrary calendar events and spoof event details by supplying specially crafted input...

CVSS 5.3, AI score 6, EPSS 0.0018
Exploits 0, References 2
Circl
added 2026/05/05 7:17 p.m., 3 views

CVE-2026-7855

creationtimestamp | type | source
---|---|---
2026-05-05 19:17:35+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3ml4vn5y2oe2r
2026-05-05 21:13:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ml544oeqka2p
2026-05-06 20:07:07+00:00 | seen | ...

CVSS 9, AI score 7.3, EPSS 0.01057
Exploits 1, References 3
NVD
added 2026/05/05 12:16 p.m., 10 views

CVE-2026-43566

OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like execution context when th...

CVSS 9.8, EPSS 0.00423
Exploits 0, References 3
NVD
added 2026/05/05 12:16 p.m., 12 views

CVE-2026-43534

OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context...

CVSS 9.8, EPSS 0.0019
Exploits 0, References 3
CVE
added 2026/05/05 11:25 a.m., 11 views

CVE-2026-43566

OpenClaw is affected in versions 2026.4.7 through 2026.4.13 by a privilege escalation vulnerability caused by heartbeat owner downgrade logic that skips webhook wake events carrying untrusted content. An attacker can exploit this by sending untrusted webhook wake events to preserve an owner‑like ...

CVSS 9.8, AI score 5.9, EPSS 0.00423
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/05/05 11:25 a.m., 37 views

CVE-2026-43566 OpenClaw 2026.4.7 < 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events

OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like execution context when th...

CVSS 9.1, EPSS 0.00423
Exploits 0, References 3
EUVD
added 2026/05/05 11:25 a.m., 5 views

EUVD-2026-27283

OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like execution context when th...

CVSS 9.1, AI score 5.9, EPSS 0.00423
Exploits 0, References 3
Vulnrichment
added 2026/05/05 11:25 a.m., 4 views

CVE-2026-43566 OpenClaw 2026.4.7 < 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events

OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like execution context when th...

CVSS 9.1, AI score 5.9, EPSS 0.00423
Exploits 0, References 3
CVE
added 2026/05/05 11:25 a.m., 18 views

CVE-2026-43534

OpenClaw has a vulnerability in input validation prior to version 2026.4.10, where external hook metadata can be enqueued as trusted system events. This allows attackers to supply malicious hook names to escalate untrusted input into higher-trust agent context. Affected software: OpenClaw (pre-20...

CVSS 9.8, AI score 5.8, EPSS 0.0019
Exploits 0, References 3, Affected Software 1
ATTACKERKB
added 2026/05/05 11:25 a.m., 0 views

CVE-2026-43534

OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context...

CVSS 9.3, AI score 5.8, EPSS 0.0019
Exploits 0, References 4