848 matches found
The Agentic Security Crisis: Why You Need to Act Now
...
PT-2026-24619
Summary The /studiocms api/dashboard/api-tokens endpoint allows any authenticated user at least Editor to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to validate whether the requesting user is authorized to create tokens on behalf of the target...
EUVD-2026-9930
OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...
CVE-2026-28485 OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints
OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...
CVE-2026-28485
OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...
CVE-2026-28485
OpenClaw has a vulnerability identified as CVE-2026-28485 affecting versions 2026.1.5 prior to 2026.2.12. The issue is that the /agent/act browser-control HTTP route does not enforce mandatory authentication, permitting unauthorized local callers to invoke privileged browser-context actions and a...
PT-2026-23559
Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.5 through 2026.2.11 Description The software does not enforce mandatory authentication on the /agent/act browser-control HTTP route. This allows unauthorized local callers to invoke privileged operations. Remote...
OpenClaw 访问控制错误漏洞
OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.12 contained a access control vulnerability. This vulnerability stemmed from the lack of forced authentication for HTTP routing control in the /agent/act browser. It could allow remote attackers on t...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005574)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005574 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Added NULL check for lookupatid The lookupatid function can return NULL if the ATID i...
CERTFR-2026-ACT-008
creationtimestamp| type| source ---|---|--- 2026-02-23 14:04:04+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/116120318282447958 2026-02-23 14:04:06+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3mfjsz6k6gz2k...
Child exploitation, grooming, and social media addiction claims put Meta on trial
Meta is facing two trials over child safety allegations in California and New Mexico. The lawsuits are landmark cases, marking the first time that any such accusations have reached a jury. Although over 40 state attorneys general have filed suits about child safety issues with social media, none...
CERTFR-2026-ACT-006
creationtimestamp| type| source ---|---|--- 2026-02-09 14:11:32+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3megmvo2ddj22 2026-02-09 14:11:36+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/116041075350640073 2026-02-09 15:34:27+00:00| seen|...
CVE-2026-22038
CVE-2026-22038 affects AutoGPT prior to platform-beta-v0.6.46. The vulnerability arises when Stagehand blocks log API keys and authentication secrets in plaintext via logger.info() in StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock, where api_key.get_secret_value() is logged. ...
UBUNTU-CVE-2026-23064
In the Linux kernel, the following vulnerability has been resolved: net/sched: actife: avoid possible NULL deref tcfifeencode must make sure ifeencode does not return NULL. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 SMP KASAN NOP...
TikTok narrowly avoids a US ban by spinning up a new American joint venture
TikTok may have found a way to stay online in the US. The company announced late last week that it has set up a joint venture backed largely by US investors. TikTok announced T ikTok USDS Joint Venture LLC on Friday in a deal valued at about $14 billion , allowing it to continue operating in the...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005091)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005091 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: fix possible infinite loop in tcfidrcheckalloc syzbot found hanging tasks...
CVE-2025-68073
Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through = 2.7.4...
CVE-2026-22987
In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an ERRPTR-EBUSY value as a tcaction pointer, leading to an invalid...
Linux Distros Unpatched Vulnerability : CVE-2026-22987
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an...
CERTFR-2026-ACT-002
creationtimestamp| type| source ---|---|--- 2026-01-19 13:47:14+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3mcrrqv3oq52n 2026-01-19 13:47:18+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/115922071296350254 2026-01-19 15:35:49+00:00| seen|...