16 matches found

EUVD
added 2026/05/06 9:31 p.m. | 3 views

EUVD-2026-28168

OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged contex...

CVSS 9.1 | AI score 5.8 | EPSS 0.0008
Exploits 0 | References 4

Cvelist
added 2026/04/22 1:47 p.m. | 22 views

CVE-2026-33597 PRSD detection denial of service

PRSD detection denial of service...

CVSS 3.7 | EPSS 0.00006
Exploits 0 | References 1

EUVD
added 2025/11/07 11:4 p.m. | 2 views

EUVD-2025-38213

KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...

CVSS 5 | AI score 6.5 | EPSS 0.00032
Exploits 1 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2010-4767

Malware in sbrugna...

CVSS 10 | AI score 6.1 | EPSS 0.00507
Exploits 0 | References 7

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-49349

Malicious code in bioql PyPI...

CVSS 5.6 | AI score 5.1 | EPSS 0.0007
Exploits 0 | References 1

OSV
added 2025/08/26 9:34 p.m. | 2 views

GHSA-P9W7-82W4-7Q8M Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label

Summary: Using lib2to3.pgen2.pgen.ParserGenerator.make_label function, which is a built-in python library function to execute remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to...

AI score 7.9
Exploits 0 | References 3

Veracode
added 2025/08/13 10:24 a.m. | 3 views

Malicious File Parsing

@finos/git-proxy is vulnerable to malicious file parsing. The vulnerability is due to improper PACK signature detection in parsePush.ts, which allows an attacker to embed misleading signatures in commit content and craft packet structures to bypass approval or hide commits...

CVSS 7 | AI score 7 | EPSS 0.00227
Exploits 1 | References 4 | Affected Software 1

RedhatCVE
added 2025/05/22 12:38 p.m. | 3 views

CVE-2010-5158

Race condition in DefenseWall Personal Firewall 3.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

CVSS 6.2 | AI score 7 | EPSS 0.00058
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 12:38 p.m. | 4 views

CVE-2010-5152

Race condition in AVG Internet Security 9.0.791 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

CVSS 6.2 | AI score 7 | EPSS 0.00058
Exploits 0 | References 1

NVD
added 2025/04/08 6:15 p.m. | 18 views

CVE-2025-26644

Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally...

CVSS 5.1 | EPSS 0.00341
Exploits 0 | References 1

OSV
added 2024/12/23 4:15 p.m. | 1 views

DEBIAN-CVE-2024-56326

Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...

CVSS 5.4 | AI score 7.3 | EPSS 0.0057
Exploits 0 | References 1

NVD
added 2024/10/09 5:15 p.m. | 10 views

CVE-2024-9469

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity...

CVSS 5.7 | EPSS 0.00083
Exploits 0 | References 1

BDU FSTEC
added 2023/03/11 12:0 a.m. | 2 views

The vulnerability of the threat detection mechanism for Microsoft Defender for IoT, related to access control deficiencies, allows attackers to escalate their privileges.

The vulnerability of the Microsoft Defender for IoT threat detection mechanism is related to deficiencies in access control. Exploiting this vulnerability could allow attackers to enhance their privileges...

CVSS 6.4 | EPSS 0.00559
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2022/04/11 10:15 p.m. | 2 views

CVE-2022-24836

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri = 1.13.4. There are no known workarounds for this issue...

CVSS 7.5 | AI score 5.8 | EPSS 0.01827
Exploits 0 | References 14 | Affected Software 1

OSV
added 2018/01/18 11:29 p.m. | 3 views

AZL-43897 CVE-2012-6708 affecting package python-httplib2 0.20.3-3

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving...

CVSS 6.1 | AI score 6.6 | EPSS 0.00902
Exploits 6 | References 1

Opera Security Advisories
added 2012/08/01 12:0 a.m. | 3 views

Plug-in content may monitor keystrokes on unrelated pages – Opera Security Advisories

Plug-ins may use operating system features to detect key presses when the plug-in is focused. If the plug-in does not detect its own focused state correctly, it can detect key presses when other pages are focused, allowing the plug-in content to detect key presses intended for pages from other...

AI score 5.8
Exploits 0 | References 1