CVE-2026-28485 OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints

OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...

CVE-2026-28442

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...

CVE-2026-28442 ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...

EUVD-2026-9849

Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions domain: "api", resource: "read" can be escalated to full write access under specific conditions. When exchanging a...

PT-2026-23438

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.4 Parse Server versions prior to 9.4.1-alpha.3 Description Parse Server deployments utilizing the readOnlyMasterKey option are susceptible to unauthorized modifications. The readOnlyMasterKey is intended to...

OliveTin 安全漏洞

OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin prior to 3.00.11.0 contained security vulnerabilities. These vulnerabilities were due to access control flaws, allowing unauthenticated visitors to terminate running operations, potentially leading to...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005682)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005682 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix warning - do not call blocking ops when !TASKRUNNING vub300enablesdioirq works...

EUVD-2026-9503

Vaultwarden's Collection Management Operations Allowed Without manage Verification for Manager Role...

USN-8073-1: QEMU vulnerabilities

It was discovered that the UHCI controller implementation of QEMU could be brought into an invalid state. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2024-8354 It was discovered that QEMU incorrectly handled memory durin...

EUVD-2025-208272

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...

CVE-2025-70342

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...

CVE-2026-23232

In the Linux kernel, the following vulnerability has been resolved: Revert "f2fs: block cache/dio write during f2fsenablecheckpoint" This reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a. Original patch may cause below deadlock, revert it. write remount - writebegin - lockpage --- lock A -...

USN-8071-1: NSS vulnerability

It was discovered that NSS incorrectly handled memory when performing certain GHASH operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-8071-1 nss vulnerability

It was discovered that NSS incorrectly handled memory when performing certain GHASH operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code...

Vulnerabilities fixed in VMware Aria Operations

Broadcom has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include privilege escalation, stored cross-site scripting XSS and command injection. The privilege escalation vulnerability could allow an attacker to gain elevated privileges, which could affect system integrity an...

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities KEV catalog, citing active exploitation in the wild. The high-severity vulnerability, CVE-2026-22719...

Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations

Tycoon 2FA was dismantled this week by law enforcement and industry partners including TrendAI™. The phishing-as-a-service platform offered MFA bypass services using adversary-in-the-middle AitM proxying...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel, particularly related to improper handling of integer operations and out-of-bounds access during read and write...

PT-2026-22921

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The f2fs file system in the Linux kernel contains a flaw related to out-of-bounds memory access and incorrect handling of integer values when reading and writing sysfs attributes...

Dell PowerScale OneFS 安全漏洞

Dell PowerScale OneFS is an operating system developed by the American company Dell. It provides a horizontally scalable NAS solution through the PowerScale OneFS operating system. Vulnerabilities exist in versions of Dell PowerScale OneFS prior to 9.10.1.6, as well as in versions 9.11.0.0 to...