EUVD-2026-25415

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...

CVE-2026-6043 Insecure Default Configuration in P4 Server

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...

CVE-2026-6043

CVE-2026-6043 pertains to P4 Server: versions prior to 2026.1 ship with insecure default configurations that, when exposed to untrusted networks, enable unauthenticated attackers to (1) create arbitrary user accounts, (2) enumerate existing users, (3) authenticate to accounts with no password, an...

CVE-2026-6043 Insecure Default Configuration in P4 Server

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...

[SECURITY] Fedora 44 Update: PackageKit-1.3.4-3.fc44

PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API...

CVE-2026-33208

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ /find-in-config endpoint in Roxy-WI fails to sanitize the user-supplied words parameter before embedding it into a shell command string that is subsequently executed on a...

EUVD-2026-25341

OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...

GNU Privacy Guard 2.5.19

GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the sevmemencregisterregion function in KVM SEV. When this function checks sevguest, it does not hold...

PT-2026-37181

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.35.10 Description The budibase:auth cookie, which contains the JWT session token, is configured with httpOnly: false in the packages/backend-core/src/utils/utils.ts file. This allows JavaScript to access the cookie...

PT-2026-34875

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...

Linux Distros Unpatched Vulnerability : CVE-2026-31568

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - s390/mm: Add missing secure storage access fixups for donated memory There are special cases where secure storage access exceptions happen in a kernel context f...

PT-2026-34913

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86 CR4 FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the sevpinmemory function in KVM SEV, where the int type’s pages parameter is not properly...

PT-2026-34920

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the s390 architecture memory management where secure storage access exceptions occur in a kernel context for pages lacking the PG arch 1 bit. This bit is absent on...

PT-2026-34945

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM component regarding SEV Secure Encrypted Virtualization. The system fails to reject attempts to synchronize the vCPU state to its associated VMSA Virtual Machi...

PT-2026-34943

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM SEV component where vCPUs are not locked during the synchronization and encryption of VMSAs for SNP guests. If userspace manipulates or runs a vCPU while its...

CVE-2026-41357

OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...

CVE-2026-41357 OpenClaw < 2026.3.31 - Unsanitized Environment Variable Leakage in SSH Sandbox Backends

OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...

CVE-2026-41357

OpenClaw is affected by an environment variable leakage in SSH sandbox backends prior to version 2026.3.31. The issue arises when unsanitized process.env is passed to child processes, enabling leakage of sensitive environment variables through non-default SSH environment forwarding configurations...