PT-2026-31961

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw contains a flaw in its handling of environment variable overrides. Inconsistent sanitization paths allow attackers to bypass shared host environment policies by supplying blocked or...

River Past CamDo 缓冲区错误漏洞

River Past CamDo is a screen recording and camera capture tool developed by River Past Corporation. Version 3.7.6 of River Past CamDo contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the structured exception handler, which may allow local attackers to...

Zen C 缓冲区错误漏洞

Zen C is a modern system programming language developed by z-libs. Versions of Zen C prior to 0.4.4 contained a buffer error vulnerability. This vulnerability stemmed from a stack-based buffer overflow in the compiler, which could lead to compiler crashes or the execution of arbitrary code...

PT-2026-28221

The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege...

CVE-2026-30457

An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code...

OpenClaw Arbitrary Code Execution Vulnerability (CNVD-2026-16394)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an arbitrary code execution vulnerability that can be exploited by an attacker to execute an attacker-controlled binary...

Canva Affinity Type Obfuscation Vulnerability

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. A type confusion vulnerability exists in Canva Affinity, which can be exploited by an attacker to cause a specially crafted EMF file to trigger memory corruption and execute arbitrary code...

Nsasoft Nsauditor 缓冲区错误漏洞

Nsasoft Nsauditor is a network security software developed by the American company Nsasoft. Version Nsasoft Nsauditor 3.0.28.0 contains a buffer error vulnerability, which stems from buffer overflows during structured exception handling. This vulnerability could allow for the execution of arbitra...

FUEL CMS 安全漏洞

FUEL CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.5.2 of FUEL CMS contains a security vulnerability, which stems from issues with the /parser/dwoo component. Attackers can execute arbitrary code through specially crafted PHP code...

AlmaLinux 9 : vim (ALSA-2026:5602)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:5602 advisory. vim: Vim: Arbitrary code execution via 'helpfile' option processing CVE-2026-25749 Tenable has extracted the preceding description block directly from the AlmaLinu...

RHEL 10 : freerdp (RHSA-2026:5936)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5936 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

ALSA-2026:5913 Moderate: ncurses security update

The ncurses new curses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo...

ALSA-2026:5939 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write ...

RHEL 10 : freerdp (RHSA-2026:5939)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5939 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

CVE-2026-30457

CVE-2026-30457 affects Daylight Studio FuelCMS v1.5.2 in the internal /parser/dwoo component. The issue allows attackers to execute arbitrary PHP code through crafted PHP input, indicating a code-execution vulnerability with a high impact. The available sources identify the affected software/vers...

[SECURITY] [DSA 6178-1] firefox-esr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6178-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 25, 2026 https://www.debian.org/security/faq -...

Plexus-Utils has a Directory Traversal vulnerability in its extractFile method

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code...

CVE-2025-67030

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code...

DEBIAN-CVE-2025-67030

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code...

CVE-2025-67030

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code...