Astra Linux - уязвимость в wpa

In Hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker who has successfully bootstrapped public keys with another entity using PKEX in the past will be able to subvert future bootstrapping attempts by passively observing the public keys. By...

CVE-2026-41387 OpenClaw < 2026.3.22 - Supply Chain Redirection via Incomplete Host Environment Sanitization

OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from a permission escalation vulnerability, where the bootstrapping code was not bound to the intended devic...

Fedora 45 : pypy (2026-ae330775b9)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ae330775b9 advisory. JIT translation fix for bootstraping, require openssl 3 and fix CVE-2026-25645 and CVE-2025-8869 Tenable has extracted the preceding description blo...

LightGuard: Transparent WiFi Security Via Physical-Layer LiFi Key Bootstrapping

WiFi is inherently vulnerable to eavesdropping because RF signals may penetrate many physical boundaries, such as walls and floors. LiFi, by contrast, is an optical method confined to line-of-sight and blocked by opaque surfaces. We present LightGuard, a dual-link architecture built on this...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.13 contained security vulnerabilities. These vulnerabilities stemmed from replayable bootstrapping code during device pairing verification. This allowed attackers to repeatedly...

CVE-2026-29610

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...

CVE-2026-29610

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...

CVE-2026-29610 OpenClaw < 2026.2.14 - Command Hijacking via Unsafe PATH Handling

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...

CVE-2026-29610 OpenClaw < 2026.2.14 - Command Hijacking via Unsafe PATH Handling

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...

CVE-2026-29610

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...

EUVD-2026-9934

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...

CVE-2026-29610

OpenClaw CVE-2026-29610 affects versions prior to 2026.2.14. It describes a command hijacking flaw where PATH manipulation during node-host execution or project-local bootstrapping allows placing malicious executables to override allowlisted safe-bin commands, leading to arbitrary command executi...

GHSA-JQPQ-MGVM-F9R6 OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH overrides)

Command hijacking via PATH handling Discovered: 2026-02-04 Reporter: @akhmittra Summary OpenClaw previously accepted untrusted PATH sources in limited situations. In affected versions, this could cause OpenClaw to resolve and execute an unintended binary "command hijacking" when running host...

PT-2026-23563

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description OpenClaw is susceptible to a command hijacking issue. Attackers can execute unintended binaries by manipulating the PATH environment variable through node-host execution or project-local...

Eclipse Attacks on Ethereum'S Peer-To-Peer Network

Eclipse attacks isolate blockchain nodes by monopolizing their peer-to-peer connections. The attacks were extensively studied in Bitcoin SP'15, SP'20, CCS'21, SP'23 and Monero NDSS'25, but their practicality against Ethereum nodes remains underexplored, particularly in the post-Merge settings. We...

PP-STAT: an Efficient Privacy-Preserving Statistical Analysis Framework Using Homomorphic Encryption

With the widespread adoption of cloud computing, the need for outsourcing statistical analysis to third-party platforms is growing rapidly. However, handling sensitive data such as medical records and financial information in cloud environments raises serious privacy concerns. In this paper, we...

FIDESlib: a Fully-Fledged Open-Source FHE Library for Efficient CKKS on GPUs

Word-wise Fully Homomorphic Encryption FHE schemes, such as CKKS, are gaining significant traction due to their ability to provide post-quantum-resistant, privacy-preserving approximate computing; an especially desirable feature in Machine-Learning-as-a-Service MLaaS cloud-computing paradigms...

Secure Transfer Learning: Training Clean Models against Backdoor in (Both) Pre-Trained Encoders and Downstream Datasets

Transfer learning from pre-trained encoders has become essential in modern machine learning, enabling efficient model adaptation across diverse tasks. However, this combination of pre-training and downstream adaptation creates an expanded attack surface, exposing models to sophisticated backdoor...

DEBIAN-CVE-2022-37660

In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the...