13661 matches found

ATTACKERKB
added 2026/02/25 2:52 a.m., 3 views

CVE-2026-27632

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery (CSRF) protections on critical state-changing endpoints, specifically within SubmitChat.php and other game interaction handlers. By...

CVSS 3.1, AI score 5.5, EPSS 0.00092
Exploits 1, References 2
EUVD
added 2026/02/25 12:27 a.m., 5 views

EUVD-2026-8576

Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...

CVSS 7.1, AI score 6, EPSS 0.00571
Exploits 1, References 2
Positive Technologies
added 2026/02/25 12:0 a.m., 6 views

PT-2026-21916

Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.5. Description: iccDEV is a set of libraries and tools for working with ICC color management profiles. A heap-buffer-overflow read occurs during CIccTagTextDescription::Release when strlen reads past a heap buffer...

CVSS 7.1, AI score 6, EPSS 0.00164
Exploits 1, References 9
OSV
added 2026/02/24 12:0 a.m., 5 views

OPENSUSE-SU-2026:10241-1 cacti-1.2.30+git231.bca15e70c-1.1 on GA media

These are all security issues fixed in the cacti-1.2.30+git231.bca15e70c-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 6.1, AI score 5.8, EPSS 0.00158
Exploits 0, References 2
OSV
added 2026/02/23 8:28 p.m., 4 views

CVE-2025-61147

strukturag libde265 commit d9fea9d was discovered to contain a segmentation fault via the component decodercontext::computeframedroptable...

CVSS 6.2, AI score 5.4
Exploits 0, References 3
UbuntuCve
added 2026/02/23 8:28 p.m., 1 views

CVE-2025-61147

strukturag libde265 commit d9fea9d was discovered to contain a segmentation fault via the component decodercontext::computeframedroptable...

CVSS 6.2, AI score 5.8, EPSS 0.00159
Exploits 1, References 2
Debian CVE
added 2026/02/23 12:0 a.m., 2 views

CVE-2025-61147

strukturag libde265 commit d9fea9d was discovered to contain a segmentation fault via the component decodercontext::computeframedroptable...

CVSS 6.2, AI score 5.1, EPSS 0.00159
Exploits 1
Cvelist
added 2026/02/23 12:0 a.m., 22 views

CVE-2025-61147

strukturag libde265 commit d9fea9d was discovered to contain a segmentation fault via the component decodercontext::computeframedroptable...

EPSS 0.00159
Exploits 1, References 3
CVE
added 2026/02/23 12:0 a.m., 21 views

CVE-2025-61147

The CVE-2025-61147 entry concerns strukturag libde265 where a segmentation fault was found in decoder_context::compute_framedrop_table() due to commit d9fea9d. Connected docs indicate this is addressed by patches in Root (rootio-libde265) for Root:Debian:12/13 and multiple fixed versions, and Ast...

CVSS 6.2, AI score 5.3, EPSS 0.00159
Exploits 1, References 3, Affected Software 1
Snyk
added 2026/02/21 6:51 a.m., 4 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation in the SAML SSO authentication process. An attacker can gain unauthorized access to user accounts by leveraging a malicious SAML Identity Provider and another organization configured on the same instance. Notes: - Thi...

CVSS 9.1, AI score 5.7, EPSS 0.00435
Exploits 0, References 2
CVE
added 2026/02/21 6:2 a.m., 16 views

CVE-2026-2863

The CVE-2026-2863 entry describes a path-traversal vulnerability in the deleteFile function of FileServiceImpl.java within feng_ha_ha/megagao ssm-erp and production_ssm (up to a specific commit). Remote exploitability is stated, with a published exploit and continuous delivery practices noted. Pu...

CVSS 5.5, AI score 5.3, EPSS 0.00369
Exploits 0, References 5
NVD
added 2026/02/20 10:16 p.m., 6 views

CVE-2026-27113

Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...

CVSS 6.3, EPSS 0.00428
Exploits 0, References 2
Github Security Blog
added 2026/02/20 9:52 p.m., 9 views

OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

Vulnerability: The ACP bridge accepted very large prompt text blocks and could assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients (for example, IDE integrations) that send unusually large inputs. Affected...

CVSS 4.8, AI score 5.6, EPSS 0.00165
Exploits 0, References 7, Affected Software 1
RedhatCVE
added 2026/02/20 7:22 a.m., 5 views

CVE-2025-15586

OGP-Website installs prior to git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a type juggling flaw which, if exploited, can result in authentication bypass without knowledge of the victim account's password...

CVSS 10, AI score 5.5, EPSS 0.00382
Exploits 0, References 1
Cvelist
added 2026/02/19 10:47 p.m., 19 views

CVE-2026-26323 OpenClaw has a command injection in maintainer clawtributors updater

OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script scripts/update-clawtributors.ts. The issue affects contributors/maintainers or CI who run bun scripts/update-clawtributors.ts in a source checkout that contains a malicio...

CVSS 8.6, EPSS 0.01709
Exploits 0, References 3
ATTACKERKB
added 2026/02/19 10:47 p.m., 4 views

CVE-2026-26323

OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script scripts/update-clawtributors.ts. The issue affects contributors/maintainers or CI who run bun scripts/update-clawtributors.ts in a source checkout that contains a malicio...

CVSS 8.6, AI score 6, EPSS 0.01709
Exploits 0, References 4, Affected Software 1
OSV
added 2026/02/19 5:28 p.m., 6 views

GO-2026-4361 Inconsistencies between how commit signatures are verified and how block time is derived in github.com/cometbft/cometbft

Inconsistencies between how commit signatures are verified and how block time is derived in github.com/cometbft/cometbft...

AI score 5.4
Exploits 0, References 4
OSV
added 2026/02/19 7:17 a.m., 5 views

CVE-2025-15586

OGP-Website installs prior to git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a type juggling flaw which, if exploited, can result in authentication bypass without knowledge of the victim account's password...

CVSS 10, AI score 5.5
Exploits 0, References 3
Vulnrichment
added 2026/02/19 3:41 a.m., 4 views

CVE-2025-15586

OGP-Website installs prior to git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a type juggling flaw which, if exploited, can result in authentication bypass without knowledge of the victim account's password...

CVSS 10, AI score 5.3, EPSS 0.00382
Exploits 0, References 3
CVE
added 2026/02/19 3:41 a.m., 16 views

CVE-2025-15586

OpenGamePanel (OGP-Website) is affected by a type juggling flaw in PHP comparisons present in commits prior to 52f865a4fba763594453068acf8fa9e3fc38d663. If exploited, this can enable authentication bypass without knowledge of the victim’s password. Public references (Red Hat CVE page, NVD entry, ...

CVSS 10, AI score 5.5, EPSS 0.00382
Exploits 0, References 3