
4609 matches found

CVE
added 2026/04/28 6:9 p.m. | 5 views

CVE-2026-41388

OpenClaw advisory CVE-2026-41388 affects openclaw (npm) prior to 2026.3.31. The issue is a configuration management vulnerability where startup migration treats empty-array settings as missing values, allowing an attacker to restart the application and rehydrate revoked Tlon configuration from fi...

CVSS 6.5 | AI score 5.3 | EPSS 0.00041
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/04/28 3:34 p.m. | 3 views

CLSA-2026-1777387432 buildah: Fix of CVE-2026-34986

CVE-2026-34986: fix go-jose panic on JWE decryption when encrypted_key field is empty...

CVSS 7.5 | AI score 6.4 | EPSS 0.00035
Exploits: 0 | References: 1
OSV
added 2026/04/28 11:4 a.m. | 1 views

MINI-H87X-WMHR-8G5G

Bulletin has no description...

AI score 5
Exploits: 0
OSV
added 2026/04/28 3:20 a.m. | 3 views

MINI-937F-8P63-497J

Bulletin has no description...

CVSS 8.8 | AI score 5 | EPSS 0.00056
Exploits: 0
CNNVD
added 2026/04/28 12:0 a.m. | 6 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from configuration management issues, where the migration process incorrectly treated empty arrays as missin...

CVSS 6.5 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/28 12:0 a.m. | 2 views

PT-2026-35773

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31. Description: A configuration management issue exists where startup migration treats empty-array settings as missing values. This allows attackers to restart the application to rehydrate revoked Tlon...

CVSS 6.5 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 6
OSV
added 2026/04/27 6:47 p.m. | 2 views

MINI-HM38-679P-8V4P

Bulletin has no description...

CVSS 7.7 | AI score 5 | EPSS 0.00051
Exploits: 1
OSV
added 2026/04/27 6:33 p.m. | 4 views

JLSEC-2026-240 Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty...

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

CVSS 5.3 | AI score 6.8 | EPSS 0.00198
Exploits: 0 | References: 10
OSV
added 2026/04/27 6:33 p.m. | 6 views

JLSEC-2026-252 Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported...

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or ...

CVSS 9.1 | AI score 7.2 | EPSS 0.06702
Exploits: 1 | References: 20
ATTACKERKB
added 2026/04/27 12:0 a.m. | 3 views

CVE-2026-35903

MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, the device does not verify the Digest response parameter in subsequent RTSP requests within the sa...

AI score 5.3 | EPSS 0.00032
Exploits: 1 | References: 2
Tenable Nessus
added 2026/04/26 12:0 a.m. | 5 views

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014358)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014358 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir misjudgment and long loop on I/O errors. The error handling in...

CVSS 7.1 | AI score 6 | EPSS 0.00031
Exploits: 0 | References: 4
OSV
added 2026/04/25 11:40 p.m. | 1 views

GHSA-PXF8-6WQM-R6HH Note Mark: OIDC-registered users authenticated by submitting password "null"

Summary: IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt"null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: "null" to the internal login endpoint receives a valid session for...

CVSS 9.4 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 5
Github Security Blog
added 2026/04/25 11:40 p.m. | 5 views

Note Mark: OIDC-registered users authenticated by submitting password "null"

Summary: IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt"null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: "null" to the internal login endpoint receives a valid session for...

CVSS 9.4 | AI score 5.4 | EPSS 0.00058
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/04/25 8:49 a.m. | 4 views

CLSA-2026-1777051205 zsh: Fix of 3 CVEs

CVE-2018-1071: check bounds when copying path in hashcmd - CVE-2018-7549: avoid crash copying empty hash table - CVE-2018-13259: fix shebang line truncation in zexecve...

CVSS 9.8 | AI score 5.8 | EPSS 0.0065
Exploits: 0 | References: 1
CloudLinux
added 2026/04/25 8:49 a.m. | 4 views

zsh: Fix of 3 CVEs

CVE-2018-1071: check bounds when copying path in hashcmd - CVE-2018-7549: avoid crash copying empty hash table - CVE-2018-13259: fix shebang line truncation in zexecve...

CVSS 9.8 | AI score 6.8 | EPSS 0.0065
Exploits: 0
OSV
added 2026/04/25 6:8 a.m. | 3 views

BELL-CVE-2026-31567 CVE-2026-31567 does not affect BellSoft software

Bulletin has no description...

CVSS 5.5 | AI score 5 | EPSS 0.00015
Exploits: 0 | References: 1
OSV
added 2026/04/25 5:50 a.m. | 2 views

OESA-2026-2084 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An issue was...

CVSS 4 | AI score 5.4 | EPSS 0.00013
Exploits: 0 | References: 2
SUSE CVE
added 2026/04/25 1:40 a.m. | 1 views

SUSE CVE-2026-31537

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.send_io.bcredits. It turns out that our code will corrupt the stream of reassembled data transfer messages when we trigger an immediate empty send. In order to fix this we'll have a single...

CVSS 5.5 | AI score 5.6 | EPSS 0.00015
Exploits: 0 | References: 3
OSV
added 2026/04/24 8:36 p.m. | 2 views

GHSA-6X2Q-H3CR-8J2H Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware

Summary: There is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to hold a constant-time fallback secret always resolves to an empty string, causing the constant-tim...

CVSS 6.3 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 6
RedhatCVE
added 2026/04/24 8:32 p.m. | 2 views

CVE-2026-35380

A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' (two single quotes) as an empty delimiter. The implementation mistakenly maps this string to the NUL character for both the -d delimiter and --output-delimiter options. Th...

CVSS 5.5 | AI score 5.5 | EPSS 0.00022
Exploits: 1 | References: 2