BIT-JRE-2024-21094
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracl...
BIT-JRE-2020-2590
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
FastGPT Access Control Error Vulnerability
FastGPT is an open-source knowledge base question-answering system based on large language models, developed by Labring. In versions 4.14.10 to 4.14.13 of FastGPT, there was an access control vulnerability. This vulnerability stemmed from the agent-sandbox component’s startup script using the...
Spying across Chiplets: Side-Channel Attacks in 2.5/3D Integrated Systems
Advanced packaging and chiplet-based integration are increasingly adopted to build complex heterogeneous systems beyond the limits of monolithic scaling. While these architectures offer major benefits in terms of modularity, yield, and performance, they also introduce new physical attack surfaces...
PT-2026-38826
Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...
PT-2026-38808
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...
PT-2026-38688
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...
PT-2026-38784
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...
CVE-2026-43581
OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration...
CVE-2026-7414
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyon...
SUSE CVE-2026-43205
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: validate num_ifs to prevent out-of-bounds write. The driver obtains sw_attr.num_ifs from firmware via dpsw_get_attributes() but never validates it against DPSW_MAX_IF (64). This value controls iteration in...
SUSE CVE-2026-43239
In the Linux kernel, the following vulnerability has been resolved: smb: client: prevent races in ->query_interfaces(). It was possible for two query interface works to be concurrently trying to update the interfaces. Prevent this by checking and updating iface_last_update under iface_lock...
Linux Distros Unpatched Vulnerability : CVE-2026-42503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit ho...
Yarbo Trust Management Issue Vulnerability
Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains a vulnerability related to trust management. This vulnerability stems from hard-coded administrator credentials, which could allow attackers who are aware of these...
Linux Distros Unpatched Vulnerability : CVE-2026-43205
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dpaa2-switch: validate num_ifs to prevent out-of-bounds write. The driver obtains sw_attr.num_ifs from firmware via dpsw_get_attributes() but never validates it against...
CVE-2026-43239
A flaw was found in the Linux kernel's Server Message Block (SMB) client. A race condition exists where multiple operations attempting to update network interfaces could execute simultaneously. This concurrency issue could lead to an inconsistent state within the SMB client, potentially causing...
@jupyter-notebook/application (>=7.2.0 <=7.4.7), @jupyterlite/application (>=0.4.0 <=0.6.4) +4 more potentially affected by CVE-2026-42557 via @jupyterlab/rendermime-interfaces (>=3.10.7 <=3.12.10)
@jupyterlab/rendermime-interfaces NPM version =3.10.7, =7.2.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.1.1, =0.2.2 Source cves: CVE-2026-42557 Source advisory: SNYK:JS-JUPYTERLABRENDERMIMEINTERFACES-16438959...
Cross-site Scripting (XSS)
Overview: @jupyterlab/rendermime-interfaces is a JupyterLab - Interfaces for Mime Renderers. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute...
CVE-2026-43581 OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via Overly Broad CDP Relay Binding
OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration...
CVE-2026-43581
Technical details are not publicly available in the provided documents. Monitor for updates to official advisories for specifics on affected components, impact, and remediation.