SUSE CVE-2026-43402

In the Linux kernel, the following vulnerability has been resolved: kthread: consolidate kthread exit paths to prevent use-after-free Guillaume reported crashes via corrupted RCU callback function pointers during KUnit testing. The crash was traced back to the pidfs rhashtable conversion which...

OSV-2026-717 Stack-use-after-scope in enter_block_callback

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=511831392 Crash type: Stack-use-after-scope READ 4 Crash state: enterblockcallback mdprocessallblocks mdparse...

PT-2026-39974

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb handle slek payment redirect function placing the merchant's slek key and slek secret API credentials directly into a client-side HTML form, and additionally embeddin...

PT-2026-40532

OAuth State Validation Bypass via error Parameter Causes Local Server DoS in MCP Auth Callback --- Description The OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internal...

GHSA-G8F2-4F4F-5JQW SandboxJS has a sandbox escape via Function.caller leakage of internal call op

Summary Sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked host statics, recover the real host Function...

GHSA-G588-CJG3-6G78 Steamworks game clients/servers using P2P authentication vulnerable to denial of service

Processing the raw ValidateAuthTicketResponset callback data panics when the meAuthSessionResponse field is kEAuthSessionResponseAuthTicketNetworkIdentityFailure. This can lead to denial of service in game clients and servers using the beginauthenticationsession API to authenticate players if a...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities were caused by incorrect message classification in the Feixi Card operation callback, which could allow attackers to...

@workos/authkit-session 输入验证错误漏洞

@workos/authkit-session is an open-source session authentication and token management tool developed by WorkOS. Versions of @workos/authkit-session prior to 0.5.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation of the...

pocxgen-agent

PoCXGen Agent An LLM-orchestrated multi-agent pipeline for au...

EUVD-2026-28911

A flaw has been found in Open5GS up to 2.7.7. This impacts the function gtpv1urecvcb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the problem early through an...

CVE-2026-8187 Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption

A flaw has been found in Open5GS up to 2.7.7. This impacts the function gtpv1urecvcb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the problem early through an...

SUSE CVE-2025-38130

In the Linux kernel, the following vulnerability has been resolved: drm/connector: only call HDMI audio helper plugged cb if non-null On driver remove, sound/soc/codecs/hdmi-codec.c calls the pluggedcb with NULL as the callback function and codecdev, as seen in its hdmiremove function. The HDMI...

Mistune Heading ID Attribute has Injection XSS

Summary HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in the id value terminates the attribute, allowing an attacker to inject...

GHSA-V87V-83H2-53W7 Mistune Heading ID Attribute has Injection XSS

Summary HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in the id value terminates the attribute, allowing an attacker to inject...

Open5GS 资源管理错误漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain a resource management vulnerability. This vulnerability stems from operations performed by the gtpv1urecvcb function in th...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the nnef-callback route group, which lacks inbound authentication and authorization checks. An attacker can access sensitive business logic and potentially manipulate subscription state by submitting forged...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the nnef-callback route group, which lacks inbound authentication and authorization checks. An attacker can access sensitive business logic and potentially manipulate subscription state by submitting forged...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the nnef-callback route group, which lacks inbound authentication and authorization checks. An attacker can access sensitive business logic and potentially manipulate subscription state by submitting forged...

GHSA-WQFH-GQ79-J8MF free5GC's NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path

Summary free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token is enough to reach the SMF-callback handler -- the callback body is parsed and dispatched into NEF business...

EUVD-2026-28766

In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove callback The driver uses devmspiregistercontroller for registration, which automatically unregisters the controller via devm cleanup when the device is removed. The manual call to...