PT-2026-20593

Name of the Vulnerable Software and Affected Versions OpenGamePanel versions prior to git commit 52f865a4fba763594453068acf8fa9e3fc38d663 Description A type juggling flaw exists in OpenGamePanel. Exploitation of this flaw can lead to authentication bypass without requiring knowledge of the victim...

CVE-2025-8860

A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFIVARSREGBUFFERSIZE, the .write callback uefivarswrite is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. Wh...

Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the update-clawtributors.ts script. An attacker can execute arbitrary system commands by introducing a malicious commit author email that is processed and interpolat...

OpenClaw has a command injection in maintainer clawtributors updater

Summary Command injection in the maintainer/dev script scripts/update-clawtributors.ts. Impact Affects contributors/maintainers or CI who run bun scripts/update-clawtributors.ts in a source checkout that contains a malicious commit author email e.g. crafted @users.noreply.github.com values. Norma...

PT-2026-20369

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.8 through 2026.2.13 Description The software contains a command injection issue in the scripts/update-clawtributors.ts script. This affects contributors or maintainers, and CI systems, who execute bun...

Authorization Bypass Through User-Controlled Key

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the sessionKey parameter in the POST /hooks/agent endpoint. An attacker can inject messages or prompts into arbitrary sessions by...

CVE-2026-2550

A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commitvpnclifileupload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was...

PT-2026-20300

Name of the Vulnerable Software and Affected Versions OpenS100 versions prior to commit 753cf29 Description The software contains a remote code execution issue due to an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL openlibs without sandboxing or capability...

kernel: Linux kernel: Data corruption and system instability due to improper io_uring/net buffer handling

A flaw was found in the Linux kernel's iouring/net component. This vulnerability arises when ring provided buffers are partially committed during network operations, particularly when MSGWAITALL is enabled or with streaming sockets. A local attacker could exploit this by causing multiple socket...

kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid

A flaw null pointer dereference in the Linux kernel NFS functionality was found in the way client does some specific action for existing NFS connection. A client user could use this flaw to crash the server system...

CVE-2026-2550

The CVE-2026-2550 entry concerns EFM iptime A6004MX (v14.18.2). Affected is the function commit_vpncli_file_upload in /cgi/timepro.cgi, which enables unrestricted file upload. Exploitation is possible remotely and publicly disclosed. Public references from multiple sources corroborate the unrestr...

EFM iptime A6004MX 代码问题漏洞

EFM iptime A6004MX is a wireless router produced by the South Korean company EFM. The EFM iptime A6004MX version 14.18.2 has a code vulnerability. This vulnerability stems from an unlimited upload function in the commitvpnclifile Upload function located in the cgi/timepro.cgi file, which could le...

Favia: Forensic Agent for Vulnerability-Fix Identification and Analysis

Identifying vulnerability-fixing commits corresponding to disclosed CVEs is essential for secure software maintenance but remains challenging at scale, as large repositories contain millions of commits of which only a small fraction address security issues. Existing automated approaches, includin...

CVE-2025-69806

p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server...

CVE-2025-69806

p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server...

PT-2026-7866

p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server...

CVE-2025-69806

CVE-2025-69806 affects p2r3 Bareiron (server). The issue is an Out-of-bounds Read caused by commit 8e4d4020d, enabling unauthenticated remote attackers to cause information leakage by sending a crafted packet to the server. Severity is High (CVSSv3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N,...

[SECURITY] Fedora 42 Update: sad-0.4.32-4.fc42

Space Age seD - Batch File Edit tool. It will show you a really nice diff of proposed changes before you commit them...

kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid

A flaw null pointer dereference in the Linux kernel NFS functionality was found in the way client does some specific action for existing NFS connection. A client user could use this flaw to crash the server system...

CVE-2026-26009

CVE-2026-26009 affects the Catalyst platform used for enterprise game server hosting, game communities, and billing panel integrations. The issue arises because install scripts defined in server templates run on the host OS via bash -c without sandboxing or containerization. Any user with templat...