
16840 matches found

AlpineLinux
added 2026/03/04 7:24 p.m., 2 views

CVE-2026-3545

Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6 CVSS, 6 AI score, 0.00263 EPSS
Exploits 0
RedHat Linux
added 2026/03/04 3:54 p.m., 6 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5 CVSS, 7.3 AI score, 0.00526 EPSS
Exploits 1, References 6
RedHat Linux
added 2026/03/04 3:54 p.m., 6 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.25 packages and security update

Red Hat OpenShift Container Platform release 4.19.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...

7.5 CVSS, 7.1 AI score, 0.00761 EPSS
Exploits 1, References 3
GithubExploit
added 2026/03/04 2:48 p.m., 487 views

Exploit for Type Confusion in Apple Ipados

Coruna Exploit Kit - Deobfuscated CVE-2024-23222 HEAVILY B...

8.8 CVSS, 7.7 AI score, 0.10593 EPSS
Exploits 6
RedHat Linux
added 2026/03/04 9:7 a.m., 5 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5 CVSS, 7.3 AI score, 0.00526 EPSS
Exploits 1, References 6
RedHat Linux
added 2026/03/04 9:7 a.m., 7 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.50 packages and security update

Red Hat OpenShift Container Platform release 4.17.50 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

7.5 CVSS, 7.1 AI score, 0.00761 EPSS
Exploits 1, References 3
CVE
added 2026/03/04 7:34 a.m., 8 views

CVE-2026-28776

Summary of the vulnerability (CVE-2026-28776): IDC SFX2100/SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the logical monitor user. A remote, unauthenticated attacker can use these trivial, undocumented credentials to access the device via SSH, initially in a restricte...

9.8 CVSS, 6 AI score, 0.00476 EPSS
Exploits 1, References 1, Affected Software 1
NVD
added 2026/03/03 11:15 p.m., 7 views

CVE-2026-27905

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path,...

8.6 CVSS, 0.00257 EPSS
Exploits 1, References 2
Snyk
added 2026/03/03 11:0 p.m., 2 views

Arbitrary Code Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Code Injection via the transform module path resolution process. An attacker can execute arbitrary JavaScript code with gateway-process privileges by causing a symlinked entry t...

7.3 CVSS, 6 AI score
Exploits 0, References 2
Github Security Blog
added 2026/03/03 11:0 p.m., 5 views

OpenClaw hook transform path containment missed symlink-resolved escapes

Vulnerability Webhook transform modules were validated with lexical path checks only. A symlink under the allowed hooks transform tree could resolve outside the intended directory and be dynamically imported. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.21-2 ...

6 AI score
Exploits 0, References 3, Affected Software 1
OSV
added 2026/03/03 11:0 p.m., 3 views

GHSA-659F-22XC-98F2 OpenClaw hook transform path containment missed symlink-resolved escapes

Vulnerability Webhook transform modules were validated with lexical path checks only. A symlink under the allowed hooks transform tree could resolve outside the intended directory and be dynamically imported. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.21-2 ...

7.3 CVSS, 6 AI score
Exploits 0, References 3
Github Security Blog
added 2026/03/03 7:57 p.m., 6 views

OpenClaw vulnerable to arbitrary file read via $include directive

Vulnerability Path traversal in config $include resolution allowed arbitrary local file reads outside the config directory boundary CWE-22. Attack Vectors 1. If an attacker can modify OpenClaw config, they can set $include to absolute paths for example /etc/passwd and read files accessible to the...

6.7 CVSS, 6 AI score, 0.00146 EPSS
Exploits 0, References 5, Affected Software 1
OSV
added 2026/03/03 9:9 a.m., 6 views

RLSA-2026:3516 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR...

7.5 CVSS, 6.1 AI score, 0.00622 EPSS
Exploits 0, References 39
Rockylinux
added 2026/03/03 9:6 a.m., 6 views

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...

10 CVSS, 6.1 AI score, 0.00622 EPSS
Exploits 0
CNNVD
added 2026/03/03 12:0 a.m., 4 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Versions prior to 145.0.7632.159 had a security vulnerability due to insufficient data validation in Navigation. This vulnerability could allow remote attackers to execute a sandbox escape through a specially crafted HTML page...

9.6 CVSS, 7.4 AI score, 0.00263 EPSS
Exploits 0, References 3
Broadcom
added 2026/03/03 12:0 a.m., 18 views

AIDE Vulnerable to Improper Output Neutralization via Terminal Escape Sequences in Log and Report Output

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

6.2 CVSS, 5.9 AI score, 0.0021 EPSS
Exploits 1
Positive Technologies
added 2026/03/03 12:0 a.m., 2 views

PT-2026-23056

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 145.0.7632.159 Description A flaw exists in Google Chrome’s Navigation feature due to inadequate data validation. This could allow a remote attacker to potentially escape the sandbox through a specially crafted...

9.6 CVSS, 6 AI score, 0.00458 EPSS
Exploits 0, References 21
Snyk
added 2026/03/02 11:37 p.m., 3 views

Protection Mechanism Failure

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Protection Mechanism Failure through improper validation of the docker.network configuration parameter. An attacker can gain unauthorized access to internal network resources by specifyin...

9.8 CVSS, 5.9 AI score, 0.00265 EPSS
Exploits 0, References 3
OSV
added 2026/03/02 10:40 p.m., 7 views

GHSA-FGVX-58P6-GJWC OpenClaw gateway agents.files symlink escape allowed out-of-workspace file read/write

Impact The gateway agents.files.get and agents.files.set methods allowed symlink traversal for allowlisted workspace files. A symlinked allowlisted file for example AGENTS.md could resolve outside the agent workspace and be read/written by the gateway process. This could enable arbitrary host fil...

9.3 CVSS, 6.3 AI score, 0.00639 EPSS
Exploits 0, References 5
Github Security Blog
added 2026/03/02 10:40 p.m., 15 views

OpenClaw gateway agents.files symlink escape allowed out-of-workspace file read/write

Impact The gateway agents.files.get and agents.files.set methods allowed symlink traversal for allowlisted workspace files. A symlinked allowlisted file for example AGENTS.md could resolve outside the agent workspace and be read/written by the gateway process. This could enable arbitrary host fil...

8.8 CVSS, 6.4 AI score, 0.00639 EPSS
Exploits 0, References 5, Affected Software 1