16826 matches found

OSV
added 2026/03/23 4:35 p.m., 3 views

SUSE-SU-2026:0977-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues:

Update to go 1.25.8 (bsc#1244485, jsc#SLE-18320):

- CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...

CVSS 10 | AI score 5.9 | EPSS 0.00765
Exploits 1 | References 12

OSV
added 2026/03/23 4:34 p.m., 7 views

SUSE-SU-2026:0976-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues:

Update to go 1.26.1 (bsc#1255111, jsc#SLE-18320):

- CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264).
- CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints (bsc#1259266).
- CVE-2026-27138:...

CVSS 7.5 | AI score 6.2 | EPSS 0.0052
Exploits 0 | References 12

Ubuntu
added 2026/03/23 2:1 p.m., 10 views

USN-8095-4: Linux kernel (AWS) vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local...

CVSS 7.8 | AI score 6.5 | EPSS 0.00544
Exploits 6 | References 1

OSV
added 2026/03/23 2:1 p.m., 11 views

USN-8095-4 linux-aws-6.8 vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local...

CVSS 7.8 | AI score 6.8 | EPSS 0.00544
Exploits 6 | References 425

Cvelist
added 2026/03/23 1:53 p.m., 23 views

CVE-2026-33352 AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)

WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injection vulnerability exists in objects/category.php in the getAllCategories method. The doNotShowCats request parameter is sanitized only by stripping single-quote characters (`str_replace("'", '', ...)`), but...

CVSS 9.8 | EPSS 0.00431
Exploits 1 | References 2

OSV
added 2026/03/23 1:53 p.m., 6 views

CVE-2026-33352 AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)

WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injection vulnerability exists in objects/category.php in the getAllCategories method. The doNotShowCats request parameter is sanitized only by stripping single-quote characters (`str_replace("'", '', ...)`), but...

CVSS 9.8 | AI score 5.9 | EPSS 0.00431
Exploits 1 | References 4

OSV
added 2026/03/23 1:50 p.m., 14 views

USN-8096-5 linux-nvidia-tegra-igx vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local...

CVSS 9.8 | AI score 6.8 | EPSS 0.00544
Exploits 2 | References 219

Ubuntu
added 2026/03/23 1:50 p.m., 5 views

USN-8096-5: Linux kernel (NVIDIA Tegra IGX) vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local...

CVSS 9.8 | AI score 6.6 | EPSS 0.00544
Exploits 2 | References 1

EUVD
added 2026/03/23 9:30 a.m., 3 views

EUVD-2026-14385

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device...

CVSS 10 | AI score 5.8 | EPSS 0.00679
Exploits 0 | References 2

NVD
added 2026/03/23 8:16 a.m., 4 views

CVE-2026-3587

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device...

CVSS 10 | EPSS 0.00679
Exploits 0 | References 1

Positive Technologies
added 2026/03/23 12:0 a.m., 4 views

PT-2026-27066

Name of the Vulnerable Software and Affected Versions: WAGO Lean Managed Switch 852-1812 and other WAGO products versions prior to a fix for CVE-2026-3587. Description: An unauthenticated remote attacker can exploit a hidden function within the Command Line Interface (CLI) prompt to bypass the...

CVSS 10 | AI score 5.9 | EPSS 0.00679
Exploits 0 | References 16

CNNVD
added 2026/03/23 12:0 a.m., 6 views

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant from OpenClaw. OpenClaw has a sandbox escape vulnerability that an attacker can exploit to bypass sandbox restrictions...

CVSS 7.1 | AI score 5.8 | EPSS 0.00104
Exploits 0 | References 3

Positive Technologies
added 2026/03/23 12:0 a.m., 4 views

PT-2026-27223

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat conte...

CVSS 5.8 | AI score 5.3 | EPSS 0.00104
Exploits 0 | References 4

Rosalinux
added 2026/03/22 6:55 p.m., 6 views

Advisory ROSA-SA-2026-3225

software: busybox 1.37.0 OS: ROSA-CHROME unaffected versions = busybox-1.37.0-2 affected versions busybox-1.37.0-2 CVE-ID: CVE-2025-46394 BDU-ID: None CVE-Crit: LOW CVE-DESC.: In tar in BusyBox, file names in a TAR archive can be hidden in the list output using terminal escape sequences...

CVSS 3.3 | AI score 7 | EPSS 0.00149
Exploits 0

SUSE CVE
added 2026/03/22 12:25 a.m., 3 views

SUSE CVE-2026-4439

Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.8 | AI score 6.1 | EPSS 0.00341
Exploits 0 | References 3

SUSE CVE
added 2026/03/22 12:25 a.m., 4 views

SUSE CVE-2026-4447

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6.2 | EPSS 0.00354
Exploits 1 | References 3

SUSE CVE
added 2026/03/22 12:25 a.m., 4 views

SUSE CVE-2026-4451

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00253
Exploits 0 | References 3

SUSE CVE
added 2026/03/22 12:25 a.m., 2 views

SUSE CVE-2026-4456

Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00253
Exploits 0 | References 3

EUVD
added 2026/03/21 3:31 a.m., 4 views

EUVD-2026-13955

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...

CVSS 6.5 | AI score 5.9 | EPSS 0.00126
Exploits 0 | References 4

NVD
added 2026/03/21 1:17 a.m., 4 views

CVE-2026-32054

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...

CVSS 7.8 | EPSS 0.00126
Exploits 0 | References 3