BIT-RABBITMQ-C-2023-35789

An issue was discovered in the C AMQP client library aka rabbitmq-c through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line e.g., for amqp-publish or amqp-consume and are thus visible to local attackers by listing a process and its arguments...

UBUNTU-CVE-2026-33056

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

CVE-2026-4476 Yi Technology YI Home Camera CGI Endpoint ipc missing authentication

A vulnerability was found in Yi Technology YI Home Camera 2 2.1.120171024151200. The impacted element is an unknown function of the file home/web/ipc of the component CGI Endpoint. Performing a manipulation results in missing authentication. Access to the local network is required for this attack...

EUVD-2026-13473

Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-4451

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-20608

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

SUSE CVE-2026-20644

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2026-32766

CVE-2026-32766 affects astral-tokio-tar

PT-2026-26662

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child process.exec of the file src/gitUtils.ts of the component show merge diff/quick merge summary/show file diff. The manipulation results in os...

QNAP Systems Media Streaming Add-On 安全漏洞

QNAP Systems Media Streaming Add-On is an extension component developed by QNAP Systems, a company from Taiwan, China, that provides media streaming services and content distribution capabilities for network storage devices. The QNAP Systems Media Streaming Add-On has a security vulnerability,...

PT-2026-26682

Name of the Vulnerable Software and Affected Versions Kali Forms versions prior to 2.4.9 Description The Kali Forms plugin for WordPress is susceptible to Remote Code Execution in versions up to and including 2.4.9. This is due to the prepare post data function mapping user-supplied keys directly...

Git MCP Server 操作系统命令注入漏洞

Git MCP Server is an MCP server developed by Casey Hand individually. Git MCP Server has a vulnerability related to operating system command injection. This vulnerability stems from the use of the childprocess.exec function in the file gitUtils.ts, which contains commands like...

Apple Multiple Products Improper Locking Vulnerability

Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes...

Embedded Malicious Code

Overview @emilgroup/process-manager-sdk is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released...

CVE-2026-32015 OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation

OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan...

CVE-2026-32013

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

Improper Validation of Specified Quantity in Input

Overview org.webjars.npm:fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the DocTypeReader component when the maxEntityCount or maxEntitySize configurati...

CVE-2026-26939

Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspension via CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs. This requires an...

CVE-2026-26939

CVE-2026-26939 affects Kibana’s server-side Detection Rule Management. Missing Authorization (CWE-862) could allow an authenticated attacker with rule management privileges to configure Unauthorized Endpoint Response Actions (host isolation, process termination, process suspension). Root cause an...

CVE-2026-26939

Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspension via CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs. This requires an...