103 matches found
PT-2026-47621
Name of the Vulnerable Software and Affected Versions Nebula-Mesh versions prior to 0.3.4 Description An authorization gap in the /api/v1/ route surface allows non-admin operators to obtain broad cross-tenant access. The API trusts the bearer token for authorization without enforcing ownership...
SUSE CVE-2026-45909
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...
EUVD-2026-32375
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...
CVE-2026-45909 clk: mediatek: Drop __initconst from gates
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...
CVE-2026-45909
CVE-2026-45909 pertains to the Linux kernel Mediatek clock-gate driver. The fix removes __initconst from mtk_gate structures because, since commit 8ceff24a... the gate structs are used at runtime, not just for initialization. Documents indicate this resolves a runtime-access issue with potentiall...
CVE-2026-45909
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...
PT-2026-43776
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtk clk register gate to use mtk gate struct" the mtk gate structs are no longer just used for initialization/registration, but...
CVE-2026-45909
clk: mediatek: Drop initconst from gates...
EUVD-2026-29954
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2026-4609 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...
Governing AI-Assisted Security Operations: A Design Science Framework for Operational Decision Support
Engineering managers increasingly must decide how to introduce generative artificial intelligence AI, retrieval-augmented generation, and coding agents into high-risk operational functions without weakening accountability, privacy, cost discipline, or auditability. The central message of this stu...
SOCpilot: Verifying Policy Compliance for LLM-Assisted Incident Response
Security operations centers SOCs are beginning to use large language models LLMs as copilots to draft incident-response plans. These plans may include actions that are valid per the catalog but still violate mandatory steps, required ordering, or approval gates before analyst review. SOCpilot mak...
CVE-2026-43571
OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: clk: visconti: preventing array overflow in visconticlkregistergates This code used -1 to indicate that there was no reset function. Unfortunately, -1 was stored as a u8 value, causing the condition if clksi.rsid = 0 to always be...
CVE-2026-41367
OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement...
EUVD-2026-25947
OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement...
PT-2026-35555
OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement...
authorized-pentest
authorized-pentest A runbook-style Claude Code skill for runn...
Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain
Large language model LLM agents increasingly rely on third-party API routers to dispatch tool-calling requests across multiple upstream providers. These routers operate as application-layer proxies with full plaintext access to every in-flight JSON payload, yet no provider enforces cryptographic...
OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement
Summary Discord button and component interaction ingress did not consistently reapply the same guild and channel policy gates used for normal inbound messages. Impact Users could trigger privileged component actions from contexts that should have been blocked by Discord channel policy. Affected...