CVE-2026-32605 Nimiq: Remote crash via off-by-one signer bounds check in proposal buffer
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...
GHSA-H43V-27WG-5MF9 OpenClaw: Forged Nostr DMs could create pairing state before signature verification
Summary: Before OpenClaw 2026.3.31, the Nostr DM ingress path could issue pairing challenges before validating the event signature. A forged DM could create a pending pairing entry and trigger a pairing-reply attempt before signature rejection. Impact: An unauthenticated remote sender could consume...
CVE-2026-27939 Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass
Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensiti...
Authentication Logic Error Vulnerability in Weetop CMS Backend
Weetop CMS is a web content management system developed by Hangzhou Tintop Technology Co. Weetop CMS V2.0 has an authentication logic error vulnerability in the login function, as a login session is created before a successful login. An attacker can successfully access the backend by performing...