CVE-2026-0135

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0135

CVE-2026-0135 affects the Modem component, where a missing bounds check can enable an out-of-bounds read. This can lead to remote code execution with no additional privileges required and no user interaction. Several connected sources (NVD, EUVD-ENISA, CVE listings, OSV and PT-Security entries) c...

CVE-2026-0132

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0132

CVE-2026-0132 concerns the Modem component. The connected documents describe a vulnerability where an out-of-bounds write occurs due to a heap buffer overflow, enabling remote code execution with no additional privileges and no user interaction required. The CVSS metrics indicate network attack v...

CVE-2026-0126

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0126

In WC-Radio, there is a confirmed vulnerability causing an out-of-bounds write due to a missing bounds check. This can lead to remote code execution with no privileges and no user interaction required. The issue is detailed across multiple feeds (NVD entry CVE-2026-0126, EUVD-2026-, and related O...

kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers

A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...

CVE-2026-53865

CVE-2026-53865 : OpenClaw prior to 2026.5.2 has a path traversal bug in maintenance task execution that lets workspace-derived service paths influence the trash command. An attacker can run unintended local executables from operator-unintended paths by manipulating environment paths during mainte...

CVE-2026-53858

OpenClaw (pre-2026.5.2) is affected by CVE-2026-53858: an environment variable injection flaw where the workspace .env STATE_DIRECTORY can influence bundled runtime dependency roots. An attacker can manipulate STATE_DIRECTORY to load runtime dependencies from unintended local paths, potentially e...

CVE-2026-53858 OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATEDIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATEDIRECTORY variable to load runtime dependencies from unintended local paths, potentially...

CVE-2026-53855

OpenClaw prior to 2026.4.2 is vulnerable to an inline-eval bypass through shell positional parameters, allowing authenticated operators to weaken strict allowlist checks. Attackers can combine allowlisted tools with shell positional arguments to inject inline-eval content into shell carriers that...

CVE-2026-53853

OpenClaw

CVE-2026-53846 OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath

OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npmexecpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local package-manager...

CVE-2026-53846

OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local package-manager execut...

CVE-2026-53842

OpenClaw prior to 2026.5.2 is affected by an environment variable injection in CLOUDSDK_PYTHON that can influence Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can set CLOUDSDK_PYTHON to point to unintended local Python paths, potentially enabling ...

CVE-2026-48775

LangGraph SQLite Checkpoint (JsonPlusSerializer) is vulnerable in 4.1.0 and earlier due to unsafe deserialization of JSON checkpoint payloads. If an unauthorized party can modify checkpoint bytes at rest in the backing store, the deserialization path could reconstruct objects beyond what the appl...

CVE-2026-10748

Nexus Repository 3 is affected by CVE-2026-10748: an authenticated user with nx-licensing-create can upload a crafted license file to trigger remote code execution as the Nexus process user. Vulnerable in versions before 3.92.0. Remediation: upgrade to 3.92.0 or later according to Sonatype releas...

n8n: Python sandbox escape

Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled. Patches The issue has bee...

GHSA-V5FF-9Q35-Q26F Langflow: Unauthenticated RCE in Shareable Playgrounds

Summary The "Shareable Playground" or "Public Flows" in code contains a critical RCE vulnerability. Simply sharing a flow exposes the deployment to RCE risk by authenticated users. Tested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe Details Shareable Playground feature works by enabling the...

vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

Summary An assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode python -O or PYTHONOPTIMIZE=1. Details vLLM uses ...