OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities were caused by incorrect message classification in the Feixi Card operation callback, which could allow attackers to...

@workos/authkit-session 输入验证错误漏洞

@workos/authkit-session is an open-source session authentication and token management tool developed by WorkOS. Versions of @workos/authkit-session prior to 0.5.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation of the...

pocxgen-agent

PoCXGen Agent An LLM-orchestrated multi-agent pipeline for au...

EUVD-2026-28911

A flaw has been found in Open5GS up to 2.7.7. This impacts the function gtpv1urecvcb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the problem early through an...

CVE-2026-8187 Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption

A flaw has been found in Open5GS up to 2.7.7. This impacts the function gtpv1urecvcb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the problem early through an...

SUSE CVE-2025-38130

In the Linux kernel, the following vulnerability has been resolved: drm/connector: only call HDMI audio helper plugged cb if non-null On driver remove, sound/soc/codecs/hdmi-codec.c calls the pluggedcb with NULL as the callback function and codecdev, as seen in its hdmiremove function. The HDMI...

Mistune Heading ID Attribute has Injection XSS

Summary HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in the id value terminates the attribute, allowing an attacker to inject...

GHSA-V87V-83H2-53W7 Mistune Heading ID Attribute has Injection XSS

Summary HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in the id value terminates the attribute, allowing an attacker to inject...

Open5GS 资源管理错误漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain a resource management vulnerability. This vulnerability stems from operations performed by the gtpv1urecvcb function in th...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the nnef-callback route group, which lacks inbound authentication and authorization checks. An attacker can access sensitive business logic and potentially manipulate subscription state by submitting forged...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the nnef-callback route group, which lacks inbound authentication and authorization checks. An attacker can access sensitive business logic and potentially manipulate subscription state by submitting forged...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the nnef-callback route group, which lacks inbound authentication and authorization checks. An attacker can access sensitive business logic and potentially manipulate subscription state by submitting forged...

GHSA-WQFH-GQ79-J8MF free5GC's NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path

Summary free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token is enough to reach the SMF-callback handler -- the callback body is parsed and dispatched into NEF business...

EUVD-2026-28766

In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove callback The driver uses devmspiregistercontroller for registration, which automatically unregisters the controller via devm cleanup when the device is removed. The manual call to...

EUVD-2026-28610

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target CPU's kicksync advances. Because the irqwork runs in hardirq context,...

EUVD-2026-28611

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usbgadgetudcreset routine in drivers/usb/gadgets/udc/core.c, resulting from the fact that the routine w...

CVE-2026-43402

In the Linux kernel, the following vulnerability has been resolved: kthread: consolidate kthread exit paths to prevent use-after-free Guillaume reported crashes via corrupted RCU callback function pointers during KUnit testing. The crash was traced back to the pidfs rhashtable conversion which...

UBUNTU-CVE-2026-43402

In the Linux kernel, the following vulnerability has been resolved: kthread: consolidate kthread exit paths to prevent use-after-free Guillaume reported crashes via corrupted RCU callback function pointers during KUnit testing. The crash was traced back to the pidfs rhashtable conversion which...

CVE-2026-43460 spi: rockchip-sfc: Fix double-free in remove() callback

In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove callback The driver uses devmspiregistercontroller for registration, which automatically unregisters the controller via devm cleanup when the device is removed. The manual call to...

CVE-2026-43460

In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove callback The driver uses devmspiregistercontroller for registration, which automatically unregisters the controller via devm cleanup when the device is removed. The manual call to...