6 matches found
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
CVE-2026-41910 OpenClaw < 2026.4.8 - Missing Owner-Only Enforcement in /allowlist Cross-Channel Writes
OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channel allowlist writes in the /allowlist endpoint. An authorized non-owner sender can bypass access controls to perform allowlist modifications against different channels, violating the intended trust model...
PT-2026-34265
Name of the Vulnerable Software and Affected Versions: Telerik UI for AJAX versions prior to 2026.1.421. Description: RadAsyncUpload contains an uncontrolled resource consumption issue. This occurs because of missing cumulative size enforcement during chunk reassembly, which allows file uploads to...
CVE-2025-59108
CVE-2025-59108 affects the web interface of the dormakaba Access Manager. The issue is a weak/default password policy: the password is set to 'admin' by default and, in tested versions, changing it is not enforced, enabling unauthenticated access to the web UI. According to the available sources,...
CVE-2025-59108 Weak Default Passwords in dormakaba Access Manager
By default, the password for the Access Manager's web interface is set to 'admin'. In the tested version, changing the password was not enforced...
nova: qpid SSL configuration
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...