CVE-2026-33783

A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service DoS. If colored SRTE policy tunnels are provisioned via...

CVE-2026-33783 Junos OS Evolved: PTX Series: If SRTE tunnels provisioned via PCEP are present and specific gRPC queries are received evo-aftmand crashes

A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service DoS. If colored SRTE policy tunnels are provisioned via...

CVE-2026-33783

A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service DoS. If colored SRTE policy tunnels are provisioned via...

CVE-2026-33783 Junos OS Evolved: PTX Series: If SRTE tunnels provisioned via PCEP are present and specific gRPC queries are received evo-aftmand crashes

A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service DoS. If colored SRTE policy tunnels are provisioned via...

CVE-2026-35626

OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassi...

CVE-2026-35626 OpenClaw < 2026.3.22 - Unauthenticated Resource Exhaustion via Voice Call Webhook

OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassi...

PT-2026-31762

OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassi...

CVE-2026-35401 Saleor has a resource exhaustion vulnerability in GraphQL queries

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

Injection immutable Dependency in Confluence Data Center

This High severity Injection vulnerability was introduced in versions 9.0.1, 9.0.3, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Injection vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006826)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006826 advisory. In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtvvideofree Remove locks calls in usbtvvideofree because...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006779 advisory. In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgrlock smpcallfunction always runs its callback in hard IR...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006686)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006686 advisory. In the Linux kernel, the following vulnerability has been resolved: dax: make sure inodes are flushed before destroy cache A bug can be triggered by following comman...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006654)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006654 advisory. In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction The rxrpccall struct has a timer used to...

OpenClaw Access Control Error Vulnerability (CNVD-2026-16623)

OpenClaw is a command line tool for rights management. A security vulnerability exists in OpenClaw versions prior to 2026.3.11, which stems from the gateway proxy RPC interface failing to effectively restrict the spawnedBy and workspaceDir parameters when verifying permissions. The vulnerability...

Juniper Junos OS Vulnerability (JSA107870)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA107870 advisory. - A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticate...

PYSEC-2026-60

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

Incorrect Comparison

Overview Affected versions of this package are vulnerable to Incorrect Comparison in the FunctionCall.Decode function. An attacker can cause a crash on 64-bit machine by sending a null argument in a FunctionCall response from PostgreSQL server since the intermediate int32 cast is absent in Decode...

CVE-2026-34208

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects for example Math.random = ..., but this protection can be bypassed through an exposed callable constructor path: this.constructor.calltarget, attackerObject. Because this.constructo...

CVE-2026-5607

A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...

CVE-2026-34208

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects for example Math.random = ..., but this protection can be bypassed through an exposed callable constructor path: this.constructor.calltarget, attackerObject. Because this.constructo...