7633 matches found

Cvelist
added 2026/04/01 8:30 p.m., 18 views

CVE-2026-5312 D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the...

CVSS 6.9, EPSS 0.0054
Exploits: 1, References: 7
NVD
added 2026/04/01 2:16 p.m., 5 views

CVE-2026-5271

pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command e.g., pip, pytest from an attacker-controlled directory, a malicious module in that directory c...

CVSS 7.8, EPSS 0.00173
Exploits: 1, References: 2
Cvelist
added 2026/04/01 1:48 p.m., 24 views

CVE-2026-5271 Possible to hijack modules in current working directory

pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command e.g., pip, pytest from an attacker-controlled directory, a malicious module in that directory c...

CVSS 5.6, EPSS 0.00173
Exploits: 1, References: 1
EUVD
added 2026/04/01 1:48 p.m., 2 views

EUVD-2026-17911

pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. This could lead to modules getting shadowed...

CVSS 5.6, AI score 5.8, EPSS 0.00173
Exploits: 1, References: 1
CVE
added 2026/04/01 1:48 p.m., 17 views

CVE-2026-5271

CVE-2026-5271 concerns the Python tool pymanager, where the current working directory is added to sys.path. The underlying issue is that modules in the attacker-controlled directory can shadow intended packages, enabling a malicious module to be imported and executed when pymanager-generated comm...

CVSS 7.8, AI score 5.8, EPSS 0.00173
Exploits: 1, References: 2, Affected software: 1
RedHat Linux
added 2026/04/01 9:40 a.m., 4 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corrupti...

CVSS 9.8, AI score 7.2, EPSS 0.00431
Exploits: 0, References: 6
OSV
added 2026/04/01 8:35 a.m., 3 views

BIT-APPSMITH-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

CVSS 6.9, AI score 5.9, EPSS 0.00387
Exploits: 1, References: 3
OSV
added 2026/04/01 12:02 a.m., 1 view

GHSA-8RH7-6779-CJQQ OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover

Summary OpenClaw loaded the current working directory .env before trusted state-dir configuration, allowing untrusted workspace state to inject host environment values. Impact A repository or workspace containing a malicious .env file could override runtime configuration and security-sensitive...

CVSS 9.6, AI score 5.9, EPSS 0.0013
Exploits: 0, References: 4
Github Security Blog
added 2026/04/01 12:02 a.m., 7 views

OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover

Summary OpenClaw loaded the current working directory .env before trusted state-dir configuration, allowing untrusted workspace state to inject host environment values. Impact A repository or workspace containing a malicious .env file could override runtime configuration and security-sensitive...

CVSS 8.6, AI score 5.9, EPSS 0.0013
Exploits: 0, References: 4, Affected software: 1
CNNVD
added 2026/04/01 12:00 a.m., 2 views

Python Install Manager security vulnerability

Python Install Manager is an open-source installation management tool for Python. Python Install Manager has a security vulnerability that stems from including the current working directory in the sys.path, which may allow malicious modules to be imported from a directory controlled by the attack...

CVSS 7.8, AI score 5.8, EPSS 0.00173
Exploits: 1, References: 1
OpenVAS
added 2026/04/01 12:00 a.m., 3 views

Slackware: Security Advisory (SSA:2026-090-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.3, AI score 5.9, EPSS 0.00351
Exploits: 0, References: 2
Slackware Linux
added 2026/03/31 10:14 p.m., 5 views

[slackware-security] xz

New xz packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/xz-5.2.13-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Fix a buffer overflow in lzmaindexappend. Fix invalid memory...

CVSS 6.3, AI score 6.1, EPSS 0.00351
Exploits: 0
Fedora
added 2026/03/31 2:47 p.m., 3 views

[SECURITY] Fedora 44 Update: insight-18.0.50.20260306-2.fc44

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...

CVSS 6.1, AI score 5.9, EPSS 0.00162
Exploits: 0
OSSF Malicious Packages
added 2026/03/27 12:31 p.m., 4 views

Malicious code in current-context-urn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a89385538c4df75cf7f40207e1ccdf6501459d80e8c9a0580955e9422d7c3a4 The package current-context-urn was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.9
Exploits: 0
OSV
added 2026/03/27 12:31 p.m., 3 views

MAL-2026-2258 Malicious code in current-context-urn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a89385538c4df75cf7f40207e1ccdf6501459d80e8c9a0580955e9422d7c3a4 The package current-context-urn was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.9
Exploits: 0
Slackware Linux
added 2026/03/27 4:14 a.m., 5 views

[slackware-security] libpng

New libpng packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libpng-1.6.56-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Use-after-free via pointer aliasing in pngsettRNS and...

CVSS 7.6, AI score 5.8, EPSS 0.01052
Exploits: 1
Slackware Linux
added 2026/03/27 4:13 a.m., 5 views

[slackware-security] tigervnc

New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/tigervnc/tigervnc-1.16.2-i586-1slack15.0.txz: Upgraded. Fixed missing security fixes in the 1.16.1 release. Security fix Where to find the new...

AI score 5.8
Exploits: 0
CNNVD
added 2026/03/27 12:00 a.m., 3 views

happy-dom security vulnerability

Happy-Dom is a JavaScript implementation of a web browser without a graphical interface, developed by David Ortner. Versions of Happy-Dom prior to 20.8.9 contained a security vulnerability. This vulnerability stemmed from the fetch function, which might attach cookies originating from the current...

CVSS 7.5, AI score 5.8, EPSS 0.00407
Exploits: 1, References: 5
OpenVAS
added 2026/03/27 12:00 a.m., 2 views

Slackware: Security Advisory (SSA:2026-085-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 5.9
Exploits: 0, References: 2
Github Security Blog
added 2026/03/26 9:14 p.m., 2 views

OpenClaw may have stale policy enforcement for queued node actions

Summary Queued node actions were not revalidated against current command policy when later delivered, so stale allowlists or declarations could survive policy tightening. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

CVSS 5.9, AI score 5.8, EPSS 0.00217
Exploits: 0, References: 6, Affected software: 1