Oracle Linux 10 : pcs (ELSA-2026-10713)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-10713 advisory. 0.12.1-1.el101.3 - Fixed CVE-2026-4800 by updating HA Cluster Management add-on to 0.1.23.2 Resolves: RHEL-164062 Tenable has extracted the preceding...
OPENSUSE-SU-2026:10656-1 java-1_8_0-openjdk-1.8.0.492-1.1 on GA media
These are all security issues fixed in the java-1_8_0-openjdk-1.8.0.492-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10658-1 python311-pypdf-6.10.2-2.1 on GA media
These are all security issues fixed in the python311-pypdf-6.10.2-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10654-1 google-guest-agent-20260402.00-2.1 on GA media
These are all security issues fixed in the google-guest-agent-20260402.00-2.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-37377
Name of the Vulnerable Software and Affected Versions: gnutls versions prior to 3.8.13-1.1. Description: Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) incorrectly match usernames containing a NUL character with truncated usernames. A remote attacker can exploit this by sendi...
PT-2026-35956
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions 8.2; MongoDB Server versions 8.1; MongoDB Server versions prior to 8.0.21; MongoDB Server versions prior to 7.0.32. Description: Computing the MD5 checksum of a malformed BSON (Binary JSON) object under specific conditions may...
OPENSUSE-SU-2026:10653-1 arianna-26.04.0-2.1 on GA media
These are all security issues fixed in the arianna-26.04.0-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-41408
OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability in media downloads that bypasses core safety limits for file size, count, and cleanup operations. Attackers can exhaust disk space by downloading media files without triggering intended safety restrictions, causing availabilit...
CVE-2026-41408 OpenClaw < 2026.3.31 - Disk Exhaustion via Media Download Bypass
OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability in media downloads that bypasses core safety limits for file size, count, and cleanup operations. Attackers can exhaust disk space by downloading media files without triggering intended safety restrictions, causing availabilit...
EUVD-2026-26115
OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability in media downloads that bypasses core safety limits for file size, count, and cleanup operations. Attackers can exhaust disk space by downloading media files without triggering intended safety restrictions, causing availabilit...
CVE-2026-41408
CVE-2026-41408 concerns OpenClaw before 2026.3.31, where a resource-exhaustion flaw in media downloads bypasses safety limits for file size, count, and cleanup, enabling potential disk-space exhaustion and availability impact. The advisory notes this is an availability-risk issue (low to medium s...
EUVD-2026-26107
OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients...
Kea: Kea: Denial of Service via maliciously crafted message
A flaw was found in Kea. A remote attacker can send a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener. This can cause a stack overflow error, leading to the daemon exiting and resulting in a Denial of...
OPENSUSE-SU-2026:10643-1 php-composer2-2.9.7-1.1 on GA media
These are all security issues fixed in the php-composer2-2.9.7-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10629-1 PackageKit-1.3.5-1.1 on GA media
These are all security issues fixed in the PackageKit-1.3.5-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-35791
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31. Description: A resource exhaustion issue exists in media downloads that bypasses core safety limits regarding file size, count, and cleanup operations. This allows attackers to exhaust disk space by...
OPENSUSE-SU-2026:10635-1 hauler-1.4.2-1.1 on GA media
These are all security issues fixed in the hauler-1.4.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10649-1 sed-4.10-1.1 on GA media
These are all security issues fixed in the sed-4.10-1.1 package on the GA media of openSUSE Tumbleweed...
OpenClaw Security Vulnerability
OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from accepting unlimited concurrent unauthenticated WebSocket upgrades, which could allow unauthenticated...