PT-2026-36820

Name of the Vulnerable Software and Affected Versions @clerk/clerk-js versions prior to 5.125.10 @clerk/clerk-js versions prior to 6.7.5 @clerk/shared affected versions not specified @clerk/nextjs affected versions not specified @clerk/backend affected versions not specified Description...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an error in operator precedence that leads to a buffer overflow. This vulnerability could allow attacker...

OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners

Impact OpenClaw deployments before 2026.4.21 could treat a non-owner sender as authorized for owner-enforced slash commands when all of the following were true: - a channel plugin declared commands.enforceOwnerForCommands: true; - the channel accepted wildcard inbound senders with allowFrom: ""; ...

CVE-2026-42426

OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairi...

Important: Red Hat Security Advisory: VolSync v0.15 security fixes and container updates

VolSync v0.15 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.telosforge:kimaira-starter-dms (>=1.2.4 <=1.2.6) +5034 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.17)

org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.2.4, =1.2.4, =1.17.0, =0.3.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.8.1 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.4.0) +4585 more potentially affected by CVE-2026-22745 via org.springframework:spring-webmvc (>=6.1.0 <=6.1.21)

org.springframework:spring-webmvc MAVEN version =6.1.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =cloud-0.1, =cloud-0.2.1 and more Source cves: CVE-2026-22745 Source advisory: OSV:GHSA-6P4F-WCWH-5VVM...

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.6.15

Red Hat OpenShift Service Mesh 2.6.15 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh...

RHSA-2026:7885 Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0.18 (golang-github-openstack-k8s-operators-os-diff) security update

Bulletin has no description...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0.18 (golang-github-openstack-k8s-operators-os-diff) security update

An update for golang-github-openstack-k8s-operators-os-diff is now available for Red Hat OpenStack Services on OpenShift 18.0.18 Antelope. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVE-2026-38992

CVE-2026-38992 affects Cockpit up to v2.13.5. The vulnerability exists in the filter parameter used across multiple endpoints, enabling arbitrary code execution via the MongoLite $func operator and allowing an attacker to run system commands on the underlying infrastructure. Affected component: C...

FreeBSD Security Advisory - FreeBSD-SA-26:13.exec

FreeBSD Security Advisory - An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers...

CVE-2026-38992

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

FreeBSD-SA-26:13.exec

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:13.exec Security Advisory The FreeBSD Project Topic: Local privilege escalation via execve Category: core Module: execve2 Announced: 2026-04-29 Credits: Ryan...

PT-2026-35924

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

CVE-2026-42426

OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairi...

CVE-2026-42429

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway...

CVE-2026-41394

OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime actions intended for authorized operators...

CVE-2026-41379

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...

Important: Red Hat Security Advisory: VolSync v0.14 security fixes and container updates

VolSync v0.14 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...