CVE-2026-44995

OpenClaw contains an environment variable validation flaw in the MCP stdio server configuration before version 2026.4.20, allowing local attackers to inject code via startup variables such as NODE_OPTIONS, LD_PRELOAD, or BASH_ENV passed to spawned MCP server processes. The vulnerability is catego...

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

FreeRDP: FreeRDP: Memory corruption vulnerability allows denial of service or arbitrary code execution

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A memory corruption vulnerability exists in the persistent cache handling. If a memory reallocation fails, an internal size variable is incorrectly updated, while the data pointer still refers to the original,...

EUVD-2026-29078

Angular Expressions - Remote Code Execution using filters...

Eval Injection

Overview org.webjars.npm:angular-expressions is an Angular expression as standalone module. Affected versions of this package are vulnerable to Eval Injection when using filters. An attacker can execute arbitrary code on the system by crafting a malicious expression that escapes the intended...

CVE-2026-44643

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2...

LiteLLM has a sandbox escape in custom-code guardrail

Impact The POST /guardrails/testcustomcode endpoint runs user-supplied Python inside a hand-rolled sandbox. The sandbox can be escaped using bytecode-level techniques, allowing arbitrary code execution in the proxy process — which runs as root in the default Docker image. Reaching the endpoint...

SUSE CVE-2025-3770

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...

Arbitrary Code Injection

Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Arbitrary Code Injection via the envs.name field in the configuration file during Dockerfile generation. An attacker can execute arbitrary commands on the build host by crafti...

GHSA-9MQQ-JQXF-GRVW PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection

Summary PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a path or filename string from MCP tools/call arguments and joi...

PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection

Summary PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a path or filename string from MCP tools/call arguments and joi...

GROWI vulnerable to path traversal

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-41951 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security Early Warning...

CVE-2026-6433

The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval, allowing unauthenticated users to execute arbitrary PHP code on the server...

mingw-libtiff security update

An update is available for mingw-libtiff. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libtiff package contains a library of functions for manipulating TI...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corrupti...

OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file

A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the internalexrundopiz function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow...

Important: Red Hat Security Advisory: openexr security update

An update for openexr is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...