Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006646)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006646 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init(). of_parse_phandle() returns a node pointer with refcoun...
ROS-20260408-73-0003
A vulnerability in the adf_dev_shutdown() function of the drivers/crypto/intel/qat/qat_common/adf_init.c module of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of...
CVE-2026-32862
There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...
CVE-2026-32862 Out-of-Bounds Write in ResFileFactory::InitResourceMgr()
There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...
GHSA-WPC6-37G7-8Q4W OpenClaw: Shell init-file options could satisfy exec allowlist script matching
Summary: Before OpenClaw 2026.3.31, exec allowlist matching could treat shell init-file wrapper invocations as if the approved script itself were being executed. Shell options such as --rcfile, --init-file, and --startup-file could therefore inherit allowlist trust from a matched script path even...
Incomplete List of Disallowed Inputs
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the exec allowlist component. An attacker can execute unauthorized scripts by leveraging shell init-file options such as --rcfile, --init-file, or...
OpenClaw: Shell init-file options could satisfy exec allowlist script matching
Summary: Before OpenClaw 2026.3.31, exec allowlist matching could treat shell init-file wrapper invocations as if the approved script itself were being executed. Shell options such as --rcfile, --init-file, and --startup-file could therefore inherit allowlist trust from a matched script path even...
CVE-2026-35523
CVE-2026-35523 affects Strawberry GraphQL up to version 0.312.3, where the legacy graphql-ws WebSocket subprotocol may bypass authentication on WebSocket subscription endpoints. The root cause is that the graphql-ws handshake (connection_init) is not verified before processing start/subscription ...
RLSA-2026:5585 Moderate: gnutls security update
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function (CVE-2025-9820); gnutls: GnuTLS: Denial of Service vi...
NI LabVIEW Security Vulnerability
NI LabVIEW is a graphical programming platform developed by National Instruments. Versions of NI LabVIEW prior to 2026 Q1 26.1.0 contained security vulnerabilities. These vulnerabilities were caused by an out-of-bounds write operation in the ResFileFactory::InitResourceMgr function, which could...
libvpx security update
1.3.0-8.0.3 - Fixes heap buffer overflow in libvpx CVE-2026-2447 [Orabug: 39112729]; 1.3.0-8.0.1 - Fixes CVE-2025-5283 vpx_codec_enc_init_multi: fix double free on init fail [Orabug: 38103810]...
GHSA-HV3W-M4G2-5X77 strawberry-graphql: Denial of Service via unbounded WebSocket subscriptions
Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without enforcing any limit on the number of active subscriptions per connection. An...
OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp
Summary: A heap-buffer-overflow OOB read occurs in the istream_nonparallel_read function in ImfContextInit.cpp when parsing a malformed EXR file through a memory-mapped IStream. A signed integer subtraction produces a negative value that is implicitly converted to size_t, resulting in a massive lengt...
Exploit for Deserialization of Untrusted Data in Metabase
CVE-2026-33725 A proof-of-concept exploit for CVE-2026-33725,...
RockyLinux 8 : gnutls (RLSA-2026:5585)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:5585 advisory. gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function (CVE-2025-9820); gnutls: GnuTLS: Denial of Service via excessive resource consumption...
CVE-2026-31399
In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization. Dingisoul with KASAN reports a use after free if device_add() fails in nd_async_device_register(). Commit b6eae0f61db2 "libnvdimm: Hold reference on parent while...
CVE-2026-23467
CVE-2026-23467 affects the Linux kernel drm/i915/dmc driver. The vulnerability is a NULL pointer dereference that can occur during probe when DC6 is unexpectedly enabled, due to intel_power_domains_init_hw() calling intel_dmc_update_dc6_allowed_count() before intel_dmc_init(). The root cause is u...
CLSA-2026-1775224602 gnutls: Fix of CVE-2025-9820
CVE-2025-9820: fix stack-based buffer overflow in gnutls_pkcs11_token_init() when processing overly long PKCS11 token labels...
SUSE CVE-2026-23413
In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance, and then in a seco...
CVE-2026-23413
In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance, and then in a seco...