7071 matches found
BrowserTools MCP Command Injection Vulnerability
BrowserTools MCP is an open-source browser monitoring and AI interaction tool developed by AgentDeskAI. BrowserTools MCP versions 1.2.0 and earlier contain an OS command injection vulnerability in browser-tools-server/browser-connector.ts...
Linux Distros Unpatched Vulnerability : CVE-2026-31582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hwmon: (powerz) Fix use-after-free on USB disconnect After powerz_disconnect frees the URB and releases the mutex, a subsequent powerz_read call can acquire the mut...
CVE-2026-31653
A flaw was found in the Linux kernel's Data Access MONitor (DAMON) subsystem. When a process being monitored by DAMON terminates unexpectedly, a memory leak can occur because a control structure is not properly deallocated. This can lead to a gradual consumption of system memory, potentially causin...
CVE-2026-31652
A flaw was found in the Linux kernel. When the damon_stat_start function fails to complete its operation, a memory leak can occur. If a user attempts to re-enable the DAMON (Data Access MONitor) feature, previously allocated memory for the damon_ctx object is not properly deallocated, leading to a...
CVE-2026-31582
In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Fix use-after-free on USB disconnect After powerz_disconnect frees the URB and releases the mutex, a subsequent powerz_read call can acquire the mutex and call powerz_read_data, which dereferences the freed URB pointer...
EUVD-2026-25325
OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...
PT-2026-34934
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue exists in the hwmon powerz component during USB disconnection. When powerz_disconnect frees the URB (USB Request Block) and releases the mutex, a subsequent call to...
Security Bulletin: Enterprise Content Management System Monitor for March 2026 - multiple CVEs
Summary Enterprise Content Management System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...
PT-2026-34772
OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...
BorG SPM Security Vulnerability
BorG SPM is a software platform developed by BorG in Taiwan, China, used for system performance monitoring and resource management analysis. The BorG SPM 2007 version contains a security vulnerability, which stems from an authentication bypass mechanism. This vulnerability could allow unauthorize...
EUVD-2026-24893
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete This fixes the condition checking so mgmt_pending_valid is executed whenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd) would kfree(cmd) withou...
CVE-2026-31511
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete This fixes the condition checking so mgmt_pending_valid is executed whenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd) would kfree(cmd) withou...
CVE-2026-39486
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor (download-monitor) allows Blind SQL Injection. This issue affects Download Monitor: from n/a through <= 5.1.8...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013531)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013531 advisory. In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192u: Fix use after free in ieee80211_rx We cannot dereference the skb pointer after...
Microsoft Azure Monitor Agent Code Issue Vulnerability (CNVD-2026-18594)
Microsoft Azure Monitor Agent is a monitoring agent program from Microsoft USA. A security vulnerability exists in Microsoft Azure Monitor Agent. An attacker can exploit the vulnerability to elevate privileges...
Microsoft Azure Monitor Agent Input Validation Error Vulnerability (CNVD-2026-18593)
Microsoft Azure Monitor Agent is a monitoring agent program from Microsoft USA. A security vulnerability exists in Microsoft Azure Monitor Agent. An attacker can exploit the vulnerability to elevate privileges...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013004)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013004 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_mon_reinit_self. syzbot reported use-after-free of...
WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability
Non-Arbitrary File Download vulnerability discovered by daroo in WordPress Plugin Download Monitor versions <= 5.1.9...
dcontrol 1.0.9 Remote Code Execution
dcontrol version 1.0.9 suffers from an unauthenticated remote code execution vulnerability via the /control-api/monitor/open endpoint. Exploit Title: dcontrol v1.0.9 - Unauthenticated Remote Code Execution (RCE). Date: 2026-04-18. Exploit Author: Chokri Hammedi. Vendor Homepage:...
dcontrol 1.0.9 Keyboard Injection Remote Code Execution
dcontrol version 1.0.9 is vulnerable to an unauthenticated remote code execution via keyboard input injection. The /control-api/monitor/sendkey and /control-api/monitor/sendtext endpoints allow an unauthenticated attacker to simulate keyboard input on the target system. By chaining these endpoint...