CVE-2026-43569

OpenClaw (prior to 2026.4.9) contains an authentication bypass vulnerability where untrusted workspace plugins can be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can craft malicious workspace plugins that are automatically selected and enabled...

systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data

A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication IPC API call with spurious data. In older versions v249 and earlier, this can lead to stack overwriting with attacker-controlled content,...

CloudZ RAT potentially steals OTP messages using Pheno plugin

Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool RAT and a previously undocumented plugin called "Pheno." According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of...

WordPress Mentoring plugin <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration vulnerability

Unauthenticated Privilege Escalation in mentoringprocessregistration vulnerability discovered by シルAsuna in WordPress Plugin Mentoring versions = 1.2.8...

Sandboxie-Plus 安全漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the ProcessServer processing program’s use of wcscpy to copy the boxname field, without verifying an empt...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a vulnerability related to input validation. This vulnerability stemmed from insufficient trust-based input validation in the Payments component, which could allow a remote attacker with...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient input validation in SSL, which could allow remote attackers with access to the render...

PT-2026-38117

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description An uninitialized use in Dawn allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations Update to version...

PT-2026-38153

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A race condition in the Speech component allows a remote attacker who has already compromised the renderer process to obtain potentially sensitive information from process memory by usi...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from improper implementations in Cast, and could allow remote attackers with access to the damaged rendering process to bypass...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from a heap buffer overflow in ANGLE, which could allow a remote attacker with access to the renderer process to execute a sandbo...

PT-2026-38184

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A use after free issue in the UI allows a remote attacker who has compromised the renderer process to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after fre...

PT-2026-38148

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description An uninitialized use in the GPU allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory through a crafted HTML...

OpenStack Ironic 安全漏洞

OpenStack Ironic is an integrated OpenStack application developed under the OpenStack open source framework. It is used to configure bare machines rather than virtual machines. Versions of OpenStack Ironic prior to 35.0.1 contained a security vulnerability; this vulnerability stemmed from the...

PT-2026-38157

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient validation of untrusted input in FileSystem allows a remote attacker who has compromised the renderer process to perform arbitrary read and write operations via a crafted...

PT-2026-38203

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient validation of untrusted input in SiteIsolation allows a remote attacker who has compromised the renderer process to bypass site isolation using a crafted HTML page...

GPUBreach: Privilege Escalation Attacks on GPUs Using Rowhammer

NVIDIA GPUs with GDDR memories have been shown susceptible to Rowhammer-based bit-flips, similar to CPUs. However, Rowhammer exploits on GPUs have been limited to injecting untargeted bit-flips in victim data like weights of machine learning models, to degrade model accuracy, unlike CPU exploits...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after their release, which could allow a remote attacker with access to the renderer proce...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation by Network, which could allow a remote attacker with access to the renderer...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient execution of WebUI policies, which could allow remote attackers with access to the rendering process to bypass...