Autonomous LLM Agent Worms: Cross-Platform Propagation, Automated Discovery and Temporal Re-Entry Defense

Autonomous LLM agents operate as long-running processes with persistent workspaces, memory files, scheduled task state, and messaging integrations. These features create a new propagation risk: attacker-influenced content can be written into persistent agent state, re-enter the LLM decision conte...

Claude SDK for TypeScript 安全漏洞

Claude SDK for TypeScript is an open-source development toolkit by Anthropic, designed for calling the Claude API using TypeScript. There were security vulnerabilities in versions of Claude SDK for TypeScript from 0.79.0 to 0.91.1. These vulnerabilities stemmed from BetaLocalFilesystemMemoryTool...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtiopmem: Added the missing REQOPWRITE for flushing bio. When performing mkfs.xfs on a pmem device, the following warning was encountered: ------------ Cut here ------------ Warning: CPU: 2, PID: 384; at block/blk-core.c: 751;...

Trojan Hippo: Weaponizing Agent Memory for Data Exfiltration

Memory systems enable otherwise-stateless LLM agents to persist user information across sessions, but also introduce a new attack surface. We characterize the Trojan Hippo attack, a class of persistent memory attacks that operates in a more realistic threat model than prior memory poisoning work:...

CVE-2026-31717

A flaw was found in ksmbd, a component of the Linux kernel. This vulnerability allows an authenticated user to hijack an orphaned durable handle by predicting or brute-forcing its persistent ID. This could lead to unauthorized access to file sessions and potentially sensitive data or services...

Exploit for Missing Authentication for Critical Function in Cpanel

cPanel-CVE-2026-41940-Scanner !Licensehttps://img.shields...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from ksmbd failing to verify the ownership of persistent handles during reconnection. This vulnerabili...

CVE-2018-25309 MyBB Recent threads 17.0 Persistent Cross-Site Scripting

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...

EUVD-2018-21830

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...

Important: Red Hat Security Advisory: VolSync v0.15 security fixes and container updates

VolSync v0.15 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Improper Control Of Temporary Directory Access

org.springframework.boot, spring-boot is vulnerable to improper control of temporary directory access. The vulnerability is due to inadequate ownership verification of the ApplicationTemp directory when persistent sessions are enabled, which allows a local attacker to gain control of the director...

CVE-2026-42431

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invokebrowser.proxy that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guard and modify browser configurations...

Important: Red Hat Security Advisory: VolSync v0.14 security fixes and container updates

VolSync v0.14 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVE-2026-35902

The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication...

CVE-2026-42431 OpenClaw < 2026.4.8 - Persistent Profile Mutation via node.invoke(browser.proxy) Bypass

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invokebrowser.proxy that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guard and modify browser configurations...

EUVD-2026-26133

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invokebrowser.proxy that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guard and modify browser configurations...

CVE-2026-42431

OpenClaw contains a vulnerability where node.invoke(browser.proxy) bypasses the browser.request persistent profile‑mutation guard, enabling mutation of persistent browser profiles. Affected software: OpenClaw npm package, prior to 2026.4.8. Root cause: a security bypass path in node.invoke(browse...

CVE-2026-42431 OpenClaw < 2026.4.8 - Persistent Profile Mutation via node.invoke(browser.proxy) Bypass

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invokebrowser.proxy that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guard and modify browser configurations...

Spring Boot accepts predictable temp directory without ownership verification

A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack...

CVE-2026-40973

A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack...