4 matches found

CVE
added 2026/06/16 6:5 p.m. · 14 views

CVE-2026-53857

OpenClaw before 2026.5.3 is vulnerable: the policy enforcement flaw allows Zalo display-name changes to influence allowFrom policy matching, causing attackers with mutable display names to receive responses intended for other Zalo identities when the feature is enabled. Affected product: OpenClaw...

CVSS 8.6 · AI score 5.3 · EPSS 0.00225
Exploits 0 · References 2 · Affected Software 1
Github Security Blog
added 2026/04/08 7:21 p.m. · 6 views

PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server

The A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. This is a separate component from the gateway server fixed in CVE-2026-34952. The createa2uroutes function registers the following endpoints with NO authentication checks: - GET /a2u/info —...

CVSS 7.5 · AI score 6 · EPSS 0.00425
Exploits 0 · References 4 · Affected Software 1
SUSE CVE
added 2023/02/15 3:27 a.m. · 2 views

SUSE CVE-2022-23951

In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs...

CVSS 5.5 · AI score 7 · EPSS 0.00404
Exploits 1 · References 3
Positive Technologies
added 2013/08/19 12:0 a.m. · 2 views

PT-2013-4913 · Red Hat · Red Hat Enterprise Virtualization

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization versions 3 and 3.2 Description: The issue allows privileged guest users to cause the host to become unavailable to the management server by sending a guest agent response containing invalid XML characters. Th...

CVSS 2.7 · AI score 6 · EPSS 0.00557
Exploits 0 · References 4