530 matches found
CVE-2026-5795
In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent reques...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the heartbeat process. An attacker can gain unauthorized access to restricted resources by exploiting context inheritance to bypass sandbox restrictions through...
PT-2026-33871
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description An issue allows attackers to escape sandbox restrictions and achieve unauthorized privilege escalation. This is possible through heartbeat context inheritance and the manipulation of the...
Fleet's user account creation via invite does not enforce invited email address
Summary Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token could create an account under an arbitrary email address whi...
CVE-2026-34389 Fleet's user account creation via invite does not enforce invited email address
Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...
Fleet 授权问题漏洞
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.81.0 contained a...
CVE-2026-32048
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessionsspawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set ...
SUSE CVE-2026-23371
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUEREPLENISH during PI de-boosting Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs edited. sched: DL de-boosted task PID 22725: REPLENISH fla...
EUVD-2026-15357
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUEREPLENISH during PI de-boosting Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs edited. sched: DL de-boosted task PID 22725: REPLENISH fla...
CVE-2026-23371
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUEREPLENISH during PI de-boosting Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs edited. sched: DL de-boosted task PID 22725: REPLENISH fla...
CVE-2026-23371
CVE-2026-23371 (Linux kernel SCHED_DEADLINE) details (from provided docs): The vulnerability arose when a SCHED_DEADLINE task (often a lock holder) moved to a lower class via sched_setscheduler() and failed to inherit the donor DEADLINE parameters, risking bandwidth accounting corruption because ...
CVE-2026-23371
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUEREPLENISH during PI de-boosting Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs edited. sched: DL de-boosted task PID 22725: REPLENISH fla...
CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUEREPLENISH during PI de-boosting Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs edited. sched: DL de-boosted task PID 22725: REPLENISH fla...
GHSA-WR92-6W3G-2HWC Duplicate Advisory: OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p7gr-f84w-hqg5. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessionsspawn operations,...
Duplicate Advisory: OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p7gr-f84w-hqg5. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessionsspawn operations,...
EUVD-2026-13943
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessionsspawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set ...
CVE-2026-32048
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessionsspawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set ...
CVE-2026-32048
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessionsspawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set ...
PT-2026-26730
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set...
EulerOS 2.0 SP11 : proftpd (EulerOS-SA-2026-1615)
According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental...