EUVD-2026-27279
OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context...
EUVD-2026-21035
OpenPLCV3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID, or can create new accounts with role=admin, escalating to full administrator access...
GHSA-HC5H-PMR3-3497 OpenClaw: /pair approve command path omitted caller scope subsetting and reopened device pairing escalation
Summary: The /pair approve command path called device approval without forwarding caller scopes into the core approval check. Impact: A caller that held pairing privileges but not admin privileges could approve a pending device request asking for broader scopes, including admin access. Affected...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003759)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003759 advisory. In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege wit...
OESA-2025-2876 usbmuxd security update
usbmuxd is a socket daemon to multiplex connections from and to iOS devices. It allows multiple services on the device to be accessed simultaneously. Security Fixes: A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user. This issue affects usbmuxd: before...
Opto 22 groov View
RISK EVALUATION Successful exploitation of this vulnerability could result in credential exposure, key exposure, and privilege escalation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
PT-2025-46916
Name of the Vulnerable Software and Affected Versions grist-core versions prior to 1.7.7 Description grist-core is a spreadsheet hosting server. A user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged...
CVE-2025-30165 Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a SUB ZeroMQ socket and connect to an XPUB socket on the primary vLLM host. When data ...
PostgreSQL Anonymizer Security Vulnerability
PostgreSQL Anonymizer is an extension for masking or replacing personally identifiable information (PII) or commercially sensitive data in PostgreSQL databases. A security vulnerability exists in PostgreSQL Anonymizer version v1.2 that originates from allowing a user who owns a table to be promoted...
UNISOC chipset security vulnerability
UNISOC chipset is an integrated circuit chipset from China's Zilight Zhanrui UNISOC. A security vulnerability exists in UNISOC chipsets SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T610, T618, T606, T612, T616, T760, T770, T820, S8000, which originates from a lack of privilege checking in t...
PT-2022-19370 · Openrazer +1
Name of the Vulnerable Software and Affected Versions: OpenRazer versions up to v3.3.0 Description: A buffer overflow issue exists in the razeraccessory driver, allowing attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix custo...
PT-2020-6970 · Kubernetes +2 · Kubernetes Kube-Apiserver +3
Name of the Vulnerable Software and Affected Versions: Kubernetes kube-apiserver versions v1.6 through v1.15 Kubernetes kube-apiserver versions prior to v1.16.13 Kubernetes kube-apiserver versions prior to v1.17.9 Kubernetes kube-apiserver versions prior to v1.18.6 Description: The issue is relat...
CVE-2019-5420
CVE-2019-5420 affects Ruby on Rails in development mode where the secret token used to secure sessions is guessable, enabling potential RCE via Rails internals. Connected exploits demonstrate deserialization/RCE vectors dependent on a guessed development secret base. Vulnerable condition: running...