Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1455)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1455 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields CVE-2025-38591 In the Linux kernel, the following vulnerability has been...

CVE-2026-3094

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

EUVD-2025-208295

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise...

Slackware Linux 15.0 / current python3 Vulnerability (SSA:2026-062-01)

The version of python3 installed on the remote host is prior to 3.12.13 / 3.9.25. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-062-01 advisory. New python3 packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...

CVE-2025-41257

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise...

CVE-2025-41257 Suprema BioStar 2 Insecure Password Change

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise...

CVE-2025-41257 Suprema BioStar 2 Insecure Password Change

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise...

CVE-2019-25503

PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue...

EUVD-2026-9386

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

CVE-2026-3094

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

Suprema BioStar 安全漏洞

Suprema BioStar is a web-based, open-integrated security platform developed by the South Korean company Suprema. It offers comprehensive features for access control, attendance management, guest management, and video log maintenance. A security vulnerability exists in the version 2.2.9.11.6 of...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005505)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005505 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balanc...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005710)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005710 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balanc...

PT-2026-22885

Name of the Vulnerable Software and Affected Versions Delta Electronics CNCSoft-G2 affected versions not specified Description Delta Electronics CNCSoft-G2 does not properly validate user-supplied files. An attacker can exploit this by having a user open a malicious file, potentially leading to...

PT-2026-23078

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005573)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005573 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udfgetfileshortad Check for overflow when computing alen in...

Slackware: Security Advisory (SSA:2026-062-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] python3

New python3 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/python3-3.9.25-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues. For details, see...

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via system.run when a mutable symlink is used as the cwd target between approval and execution. An attacker can execute commands in an...

GHSA-MWCG-WFQ3-4GJC OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host

Summary In [email protected], approval-bound system.run on node hosts could be influenced by mutable symlink cwd targets between approval and execution. Details Approval matching on the gateway validated command/argv and binding fields, including cwd, as provided text. Node execution later used...