598 matches found
PT-2026-31345
Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent concurrently,...
CVE-2026-33815
A flaw was found in github.com/jackc/pgx. This memory-safety vulnerability could potentially lead to unexpected behavior or system instability. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...
Cisco IOS Software IKEv2 DoS (cisco-sa-asa-ftd-ios-dos-kPEpQGGK)
According to its self-reported version, Cisco IOS Software is affected by a vulnerability. A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS)...
CVE-2026-5165
A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially leading to system...
PT-2026-29036
Name of the Vulnerable Software and Affected Versions: virtio-win (affected versions not specified). Description: A memory management issue exists in the VirtIO Block (BLK) device within virtio-win. A reset of the device does not properly handle memory, leading to a use-after-free condition. This could...
CVE-2026-32049
OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability...
OpenClaw Denial of Service Vulnerability (CNVD-2026-16053)
OpenClaw is an open-source artificial intelligence assistant from OpenClaw. It is affected by a denial of service vulnerability that attackers can exploit to cause increased memory usage and process instability...
CVE-2026-23363
A flaw was found in the Linux kernel's mt76 wireless driver, specifically within the mt7925 component. This vulnerability arises from a failure to properly check the frame length before accessing management fields in the mt7925_mac_write_txwi_80211 function. An attacker could potentially exploit this...
CVE-2026-23294
A flaw was found in the Linux kernel. A race condition in the devmap component, specifically within the xdp_dev_bulk_queue (bq) on PREEMPT_RT kernels, allows multiple preemptible tasks on the same CPU to concurrently access the bq. This can lead to a use-after-free vulnerability, potentially resulting ...
CVE-2026-23344
A flaw was found in the Linux kernel's crypto: ccp module. A use-after-free vulnerability exists in the sev_tsm_init_locked function's error handling path. This occurs when the system attempts to access memory that has already been released, leading to a memory corruption vulnerability. This could...
CVE-2026-23360
A flaw was found in the Linux kernel's Non-Volatile Memory Express (NVMe) subsystem. When an NVMe controller is reset, a previously allocated administration queue may not be properly released before a new one is created. This can lead to the old queue becoming orphaned, potentially causing resource...
CVE-2026-23358
A flaw was found in the Linux kernel's drm/amdgpu driver. During slot reset error handling, the system could attempt to access an uninitialized list due to an uninitialized pointer. This could lead to system instability or a denial of service...
CVE-2026-23373
A flaw was found in the Linux kernel's wifi: rsi module. The rsi_mac80211_config function's failure to default to a zero value can trigger a WARN_ON in the ieee80211_hw_conf_init function. This unexpected driver behavior may lead to system instability or other unforeseen operational issues...
CVE-2026-23355
A flaw was found in the Linux kernel's libata subsystem. This vulnerability occurs due to improper handling of deferred work. When ap->deferred_qc is cleared, the associated queued work is not canceled, leading to the work being executed at an inappropriate time. This can result in a WARN_ON...
CVE-2026-23376
A flaw was found in the Linux kernel's nvmet-fcloop component. This vulnerability occurs due to incorrect handling of resource freeing when the remote port state is not online. Specifically, the fcloop_t2h_xmt_ls_rsp routine fails to check the remoteport->port_state before calling a done callback, whic...
GHSA-XQ3G-M3J8-2VMM Duplicate Advisory: OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rxxp-482v-7mrh. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before bufferi...
EUVD-2026-13945
OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability...