2393 matches found

EUVD
added 2026/05/06 6:30 p.m. | 1 view

EUVD-2026-27857

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This...

CVSS 7.7 | AI score 5.9 | EPSS 0.00216
Exploits 0 | References 2
CVE
added 2026/05/06 4:15 p.m. | 65 views

CVE-2026-20185

Cisco SG350 and SG350X Series Managed Switches are affected by a vulnerability in the SNMP subsystem (CVE-2026-20185). The issue stems from improper error handling when parsing response data for a specific SNMP request, which could allow an authenticated, remote attacker to cause a DoS condition ...

CVSS 7.7 | AI score 5.9 | EPSS 0.00216
Exploits 0 | References 1
NVD
added 2026/05/06 10:16 a.m. | 2 views

CVE-2026-43114

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching functions are used. The test first loads a randomly generated pipapo set with 'ipv4 . port' key, i.e. nft -...

CVSS 9.4 | EPSS 0.00062
Exploits 0 | References 8
ATTACKERKB
added 2026/05/06 7:40 a.m. | 3 views

CVE-2026-43114

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching functions are used. The test first loads a randomly generated pipapo set with 'ipv4 . port' key, i.e. nft -...

AI score 5.8 | EPSS 0.00062
Exploits 0 | References 6 | Affected Software 1
CNNVD
added 2026/05/06 12:00 a.m. | 5 views

Cisco 350X Series and Cisco 350 Series Security Vulnerability

The Cisco 350X Series and Cisco 350 Series are a series of enterprise-class stackable Ethernet switches from the American company Cisco. There are security vulnerabilities in both the Cisco 350X Series and Cisco 350 Series. These vulnerabilities stem from improper error handling when parsing...

CVSS 7.7 | AI score 5.8 | EPSS 0.00216
Exploits 0 | References 1
Positive Technologies
added 2026/05/06 12:00 a.m. | 5 views

PT-2026-37654

Name of the Vulnerable Software and Affected Versions: Cisco 350 Series Managed Switches SG350 (affected versions not specified); Cisco 350X Series Stackable Managed Switches SG350X (affected versions not specified). Description: An issue in the Simple Network Management Protocol (SNMP) subsystem occurs du...

CVSS 7.7 | AI score 5.8 | EPSS 0.00216
Exploits 0 | References 12
OSV
added 2026/05/05 6:42 p.m. | 3 views

GHSA-Q8FF-7FFM-M3R9 OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload

Summary: OpenClaw webhooks allowed route secrets to be backed by SecretRef values, but cached the resolved secret for a route. After an operator rotated the underlying secret and ran openclaw secrets reload, the previous resolved webhook secret could remain valid until the plugin or gateway...

CVSS 6 | AI score 5.8 | EPSS 0.00056
Exploits 0 | References 5
Github Security Blog
added 2026/05/05 6:42 p.m. | 4 views

OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload

Summary: OpenClaw webhooks allowed route secrets to be backed by SecretRef values, but cached the resolved secret for a route. After an operator rotated the underlying secret and ran openclaw secrets reload, the previous resolved webhook secret could remain valid until the plugin or gateway...

CVSS 6 | AI score 5.8 | EPSS 0.00056
Exploits 0 | References 5 | Affected Software 1
CVE
added 2026/05/05 2:26 a.m. | 8 views

CVE-2026-4409

The CVE-2026-4409 entry concerns the WordPress plugin Subscribe To Comments Reloaded. Affected: the plugin across all versions up to and including 240119. Root cause: leaked secret key combined with a weak hash generation algorithm enables unauthorized data modification. Impact: unauthenticated a...

CVSS 6.5 | AI score 5.9 | EPSS 0.00094
Exploits 0 | References 4
RedhatCVE
added 2026/05/04 10:17 a.m. | 3 views

CVE-2026-41263

A flaw was found in Traefik. A remote attacker can exploit a timing side-channel vulnerability in Traefik's BasicAuth middleware. This flaw allows an attacker to enumerate valid usernames by observing differences in authentication response times. The vulnerability arises because a constant-time...

CVSS 6.3 | AI score 5.7 | EPSS 0.00022
Exploits 0 | References 7
AstraLinux
added 2026/05/03 11:59 p.m. | 1 view

Astra Linux - vulnerability in linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: core: The /proc/scsi/$procname directory was removed earlier. Removing this directory helps to fix a race condition between unloading and reloading kernel modules. This fixes a bug introduced in 2009 by commit 77c019768f06...

CVSS 5.5 | AI score 6.1 | EPSS 0.00092
Exploits 0 | References 1
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: hns3 – Fixed a kernel crash that occurred when devlink reloaded during pf initialization. The devlink reloading process will access hardware resources, but the register operations are performed before the hardware is...

CVSS 5.5 | AI score 6.2 | EPSS 0.00019
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: hns3: Fixed a kernel crash that occurred when devlink reloaded during initialization. The devlink reloading process will access hardware resources, but the register operations are performed before the hardware is initialized...

CVSS 5.5 | AI score 6 | EPSS 0.00011
Exploits 0 | References 2
RedhatCVE
added 2026/05/01 11:48 p.m. | 3 views

CVE-2026-31782

A flaw was found in the Linux kernel's performance monitoring unit perf/x86 component. This vulnerability occurs when the auto counter reload feature processes certain event groups, potentially causing an out-of-bounds memory read. An attacker could exploit this to gain unauthorized access to...

CVSS 7.8 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 4
Tenable Nessus
added 2026/05/01 12:00 a.m. | 3 views

Cisco Firepower Threat Defense (FTD) Software ESP Packet Processing DoS (cisco-sa-asaftd-esp-dos-uv7yD8P5)

According to its self-reported version, Cisco Secure Firewall Threat Defense (FTD) Software is affected by a vulnerability. - A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Applian...

CVSS 7.7 | AI score 5.9 | EPSS 0.00202
Exploits 0 | References 4
Tenable Nessus
added 2026/05/01 12:00 a.m. | 4 views

Cisco Firepower Threat Defense (FTD) Software SSL Decryption Policy DoS (cisco-sa-ftd-dnd-dos-bpEcg7B7)

According to its self-reported version, Cisco Secure Firewall Threat Defense (FTD) Software is affected by a vulnerability. - A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated,...

CVSS 6.8 | AI score 5.8 | EPSS 0.00048
Exploits 0 | References 4
RedhatCVE
added 2026/04/29 8:48 p.m. | 3 views

CVE-2026-41916

OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through...

CVSS 5.4 | AI score 5.2 | EPSS 0.00088
Exploits 0 | References 1
NVD
added 2026/04/28 7:37 p.m. | 1 view

CVE-2026-41916

OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through...

CVSS 5.4 | EPSS 0.00088
Exploits 0 | References 3
CVE
added 2026/04/28 6:10 p.m. | 3 views

CVE-2026-41916

OpenClaw vulnerability CVE-2026-41916 affects the OpenClaw npm package prior to 2026.4.8. The issue is an authentication state management flaw where the resolvedAuth closure becomes stale after a configuration reload, causing newly accepted gateway connections to continue using an outdated authen...

CVSS 5.4 | AI score 5.3 | EPSS 0.00088
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2026/04/28 6:10 p.m. | 22 views

CVE-2026-41916 OpenClaw < 2026.4.8 - Stale Authentication State via Config Reload

OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through...

CVSS 5.4 | EPSS 0.00088
Exploits 0 | References 3