33 matches found

SUSE CVE
added 2026/05/07 2:17 a.m. | 10 views

SUSE CVE-2026-43152

In the Linux kernel, the following vulnerability has been resolved: HID: hid-pl: handle probe errors. Errors in init must be reported back or we'll follow a NULL pointer the first time FF is used...

5.8 AI score | 0.00128 EPSS
Exploits: 0 | References: 3
NVD
added 2026/05/06 12:16 p.m. | 3 views

CVE-2026-43152

In the Linux kernel, the following vulnerability has been resolved: HID: hid-pl: handle probe errors. Errors in init must be reported back or we'll follow a NULL pointer the first time FF is used...

5.5 CVSS | 0.00128 EPSS
Exploits: 0 | References: 8
Cvelist
added 2026/04/28 6:9 p.m. | 27 views

CVE-2026-41386 OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope...

9.1 CVSS | 0.00328 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2026/04/28 6:9 p.m. | 5 views

CVE-2026-41386 OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope...

9.1 CVSS | 5.2 AI score | 0.00328 EPSS
Exploits: 0 | References: 3
CVE
added 2026/04/28 6:9 p.m. | 8 views

CVE-2026-41386

OpenClaw is affected by a privilege-escalation vulnerability in bootstrap pairing where unbound bootstrap setup codes can be misassociated with device roles/scopes. Affected software: openclaw (npm). Vulnerable versions are

9.8 CVSS | 5.3 AI score | 0.00328 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/04/28 3:16 p.m. | 1 views

DEBIAN-CVE-2026-40556

Bulletin has no description...

2.1 CVSS | 4.9 AI score
Exploits: 0 | References: 1
Cvelist
added 2026/04/28 1:54 p.m. | 27 views

CVE-2026-40556

...

Exploits: 0
EUVD
added 2026/04/28 1:54 p.m. | 2 views

EUVD-2026-26053

GNU nano creates the user’s /.local directory with overly permissive permissions when the directory does not exist yet. On first use of features requiring Cross-Desktop Group (XDG) data storage, nano explicitly requests directory mode 0777, making the directory world-writable in environments where...

2.1 CVSS | 5.3 AI score
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/03 12:0 a.m. | 5 views

PT-2026-35771

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.22. Description: An issue exists where bootstrap setup codes are not bound to intended device roles and scopes during pairing. This allows attackers to escalate privileges beyond their intended role and scope...

9.8 CVSS | 5.8 AI score | 0.00328 EPSS
Exploits: 0 | References: 12
RedhatCVE
added 2026/03/04 1:44 p.m. | 4 views

CVE-2026-22886

OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/admin) and does not enforce a mandatory password change on first use. After the first successful login, the server continues to...

9.8 CVSS | 6 AI score | 0.00402 EPSS
Exploits: 0 | References: 1
Snyk
added 2026/03/03 9:35 p.m. | 2 views

Improper Certificate Validation

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Improper Certificate Validation via channels.imessage.remoteHost. An attacker can execute arbitrary commands or intercept sensitive data by exploiting trust-on-first-use SSH host key...

5.4 CVSS | 6 AI score
Exploits: 0 | References: 3
ATTACKERKB
added 2026/03/03 9:18 a.m. | 4 views

CVE-2026-22886

OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/admin) and does not enforce a mandatory password change on first use. After the first successful login, the server continues to...

9.8 CVSS | 6 AI score | 0.00402 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/03/03 12:0 a.m. | 6 views

OpenMQ Security Vulnerability

OpenMQ is a Java EE open-source message flow middleware. There is a security vulnerability in OpenMQ. This vulnerability arises from the default use of administrator credentials and the lack of a requirement to change the password during the first use. This could allow a remote attacker to obtain...

9.8 CVSS | 5.8 AI score | 0.00402 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

MiracleLinux 7 : nautilus-3.22.3-4.el7 (AXSA:2018-2543:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2543:01 advisory. An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the...

6.5 CVSS | 6.3 AI score | 0.02471 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/11 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-53070

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent. Commit 0c80f9e165f8...

5.5 CVSS | 5.8 AI score | 0.00157 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2025/02/05 5:16 a.m. | 3 views

CVE-2024-1052

Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS...

8 CVSS | 7 AI score | 0.00294 EPSS
Exploits: 0 | References: 1
OSV
added 2024/10/31 5:15 p.m. | 0 views

UBUNTU-CVE-2024-7883

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state...

3.7 CVSS | 5.8 AI score | 0.00478 EPSS
Exploits: 1 | References: 4
NVD
added 2024/09/26 6:15 p.m. | 27 views

CVE-2024-47174

Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `<nix/fetchurl.nix>` did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle (MITM)...

5.9 CVSS | 0.00293 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2024/09/26 5:27 p.m. | 20 views

CVE-2024-47174 Credential leak when credentials are used with `<nix/fetchurl.nix>`

Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `<nix/fetchurl.nix>` did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle (MITM)...

5.9 CVSS | 6.8 AI score | 0.00293 EPSS
Exploits: 0 | References: 4
Cvelist
added 2024/09/26 5:27 p.m. | 43 views

CVE-2024-47174 Credential leak when credentials are used with `<nix/fetchurl.nix>`

Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `<nix/fetchurl.nix>` did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle (MITM)...

5.9 CVSS | 0.00293 EPSS
Exploits: 0 | References: 4