CVE-2026-30284

An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

CVE-2026-30281

An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

EUVD-2026-17223

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...

CVE-2026-33977 FreeRDP: DoS via WINPR_ASSERT in IMA ADPCM audio decoder (dsp.c:331)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...

CVE-2026-33977

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...

USN-8134-1 pyasn1 vulnerabilities

It was discovered that pyasn1 could exhaust system resources when attempting to decode a malformed certificate. An attacker could possibly use this to cause a denial of service. CVE-2026-23490 Kevin Tu discovered that pyasn1 could exhaust system resources via uncontrolled recursion when attemptin...

OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts`

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details Title: Incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in !stop Chat Command via shell-utils.ts Description: Summary The !stop and /bash stop chat command kills background bash processes using SIGKILL directly,...

CVE-2026-29872

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...

CVE-2026-3502

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code...

GHSA-PX3P-VGH9-M57C NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

Summary NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. However, the console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via...

GHSA-7P93-6934-F4Q7 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

Summary The Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an attacker-controlled webpage can issue a CORS "simple request" POST with Content-Typ...

CVE-2026-5125

The vulnerability CVE-2026-5125 affects raine consult-llm-mcp up to 2.5.3, specifically the function child_process.execSync in src/server.ts. Manipulating git_diff.base_ref/git_diff.files can lead to OS command injection with local access. A public exploit exists and upgrading to 2.5.4 (patch 4ab...

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value through the Restore process in internal/backup/restore.go and internal/backup/manifest.go. An attacker can inject malicious configuration and gain arbitrary command execution by tampering wit...

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

Exploit for Improper Access Control in Apache Hugegraph

CVE-2024-27348: Apache HugeGraph RCE Advanced Sandbox Bypass...

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Vulnerabilities exist in versions of MongoDB Server prior to v8.2 8.2.2, v8.0...

Fedora: Security Advisory (FEDORA-2026-936a74ccc0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2026-8f1d7b6821)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2026-33147

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.101 Description A use after free issue exists in Viz. This allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML pag...

PT-2026-29103

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.4 Description Nginx UI, a web user interface for the Nginx web server, contains a flaw in its backup restore mechanism. Prior to version 2.3.4, attackers can manipulate encrypted backup archives and inject...