PT-2026-48981

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 through 2026.3.0 Discourse versions 2026.4.0 through 2026.4.0 Description Group owners who are not administrators or moderators can view a group's outgoing email and SMTP...

Linux Distros Unpatched Vulnerability : CVE-2026-44487

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios's Node.js HTTP adapter may forward a Proxy-Authorization...

EulerOS Virtualization 2.13.0 : curl (EulerOS-SA-2026-2397)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcu...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Mistral vulnerability (USN-8422-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8422-1 advisory. Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints...

Linux Distros Unpatched Vulnerability : CVE-2026-44486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios' Node.js HTTP adapter can leak proxy credentials to a redire...

CVE-2026-44489

A flaw was found in Axios, a promise-based HTTP client. A remote attacker could exploit a prototype pollution vulnerability, which occurs when nested objects are created without proper checks, allowing an attacker to inject malicious properties into Object.prototype. This vulnerability specifical...

CVE-2026-12008

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

Malicious code in pylogxo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbeee018f429f5a978b85aa3999c8e24251a85dc787b1e4fd673abcabf157800 On import pylogx, the package spawns a background thread that sleeps 5-20 seconds, force-installs sensitive third-party packages cryptography,...

MAL-2026-5679 Malicious code in pylogxo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbeee018f429f5a978b85aa3999c8e24251a85dc787b1e4fd673abcabf157800 On import pylogx, the package spawns a background thread that sleeps 5-20 seconds, force-installs sensitive third-party packages cryptography,...

CVE-2026-50005

Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds...

CVE-2026-12008

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-12008

CVE-2026-12008 : In Google Chrome, a Use-after-free in DigitalCredentials (pre-149.0.7827.115) could allow a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The Chrome Stable update (149.0.7827.114/115 for Windows/Mac; 149.0.7827...

CVE-2026-12008

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-12008

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-6250

The CVE-2026-6250 entry documents an authenticated format-string vulnerability in the ONVIF service of the TP-Link Tapo C110 v2. The issue arises from improper handling of user-controlled input, where externally controlled data is interpreted as a format string. This allows an authenticated remot...

CVE-2026-53817 OpenClaw < 2026.5.22 - Control UI Locality Spoofing in Device Pairing

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert...

CVE-2026-53817 OpenClaw < 2026.5.22 - Control UI Locality Spoofing in Device Pairing

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert...

EUVD-2026-36323

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert...

EUVD-2026-36310

Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds...

CVE-2026-50005 Brickcom Cameras Use of Default Credentials

Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds...