[BSA-131] Security Update for flatpak

Simon McVittie uploaded new packages for flatpak which fixed the following security problems, the same as in DSA 6207-1: CVE-2026-34078, which allowed a Flatpak app to break out of the sandbox, resulting in code execution in the host context CVE-2026-34079, which allowed a Flatpak app to delete...

Simply opening a PDF could trigger this Adobe Reader zero-day

Opening the wrong PDF in Adobe Reader was enough to let criminals quietly spy on your computer and unleash more attacks, even though everything looked normal. A researcher analyzed a malicious PDF and found that it abused a previously unknown flaw a “zero‑day” in Adobe Acrobat Reader. When a vict...

PT-2026-32496

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

CVE-2026-39859

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. A Liquid instance configured with an empty...

CVE-2026-40191

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization FAA rules and App Jail...

CVE-2026-40191

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization FAA rules and App Jail...

CVE-2026-40191 ClearanceKit has a policy bypass via dual-path Endpoint Security events checking only source path

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization FAA rules and App Jail...

CVE-2026-40191

Summary: CVE-2026-40191 affects ClearanceKit on macOS, where the Endpoint Security event handler prior to 5.0.4-beta-1f46165 only validated the source path of dual-path file operations against FAA rules and App Jail policies, ignoring the destination path. As a result, a local process could bypas...

CVE-2026-40189 goshs has a file-based ACL authorization bypass in goshs state-changing routes

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload...

GHSA-8F4V-XFM9-3244 PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool

Summary The webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker or prompt injection in crawled conte...

PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool

Summary The webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker or prompt injection in crawled conte...

CVE-2026-35668

OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in...

CVE-2026-40086

Rembg: Path traversal in the HTTP server allows unauthenticated remote attackers to read arbitrary files via a crafted model_path parameter. Affected versions are prior to 2.0.75; the issue can reveal file existence, permissions, and potentially contents through error messages. The vulnerability ...

OpenClaw Sandbox Bypass Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a sandbox bypass vulnerability that can be exploited by an attacker to read arbitrary local files using mediaUrl and fileUrl alias parameters that bypass localRoots validation...

BMC Control-M/MFT 安全漏洞

BMC Control-M/MFT is an enterprise-level file transfer and job scheduling integration management software developed by the American company BMC. Versions of BMC Control-M/MFT 9.0.22 and earlier contained security vulnerabilities. These vulnerabilities were due to improper input validation in the...

PT-2026-32041

Name of the Vulnerable Software and Affected Versions ClearanceKit versions prior to 5.0.4-beta-1f46165 Description ClearanceKit monitors file system access on macOS and applies access policies per process. Before version 5.0.4-beta-1f46165, the Endpoint Security event handler only verified the...

PT-2026-31999

Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file feletion. User input from $ REQUEST'test' is concatenated directly into filesystem path without canonicalization or traversal checks. This vulnerabili...

SUSE CVE-2026-34078

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access ...

CVE-2026-40152

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path...

CVE-2026-40150 PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. Thi...