
57 matches found

Cvelist
added 2026/04/10 4:3 p.m. | 20 views

CVE-2026-35641 OpenClaw < 2026.3.24 - Arbitrary Code Execution via .npmrc in Local Plugin/Hook Installation

OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install execution in the staged package directory, attackers can...

8.4 CVSS | 0.0001 EPSS
Exploits 1 | References 2
CVE
added 2026/04/10 4:3 p.m. | 8 views

CVE-2026-35641

OpenClaw before 2026.3.24 is affected by an arbitrary code execution vulnerability in local plugin and hook installation. An attacker can craft a .npmrc file with a git executable override, and during npm install in the staged package directory, trigger execution of arbitrary programs from attack...

8.4 CVSS | 6.4 AI score | 0.0001 EPSS
Exploits 1 | References 2 | Affected Software 1
CNNVD
added 2026/04/10 12:0 a.m. | 2 views

OpenClaw Security Vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contain a security vulnerability that stems from arbitrary code execution during the installation of local plugins and hooks. Attackers...

8.4 CVSS | 6.5 AI score | 0.0001 EPSS
Exploits 1 | References 2
OSV
added 2026/03/30 6:52 p.m. | 0 views

GHSA-M3MH-3MPG-37HW OpenClaw has an Arbitrary Malicious Code Execution Vulnerability

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary During the installation phase of OpenClaw local plugins/hooks, the Git executable can be hijacked by a project-level .npmrc file, leading to arbitrary code execution during installation. Details Please note that the source code...

8.6 CVSS | 6.4 AI score | 0.0001 EPSS
Exploits 1 | References 4
Github Security Blog
added 2026/03/30 6:52 p.m. | 2 views

OpenClaw has an Arbitrary Malicious Code Execution Vulnerability

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary During the installation phase of OpenClaw local plugins/hooks, the Git executable can be hijacked by a project-level .npmrc file, leading to arbitrary code execution during installation. Details Please note that the source code...

8.4 CVSS | 6.4 AI score | 0.0001 EPSS
Exploits 1 | References 4 | Affected Software 1
RedhatCVE
added 2025/10/22 12:11 a.m. | 8 views

CVE-2025-60507

Cross site scripting vulnerability in Moodle GeniAI plugin localgeniai 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users including Students or...

8.9 CVSS | 6.2 AI score | 0.00041 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/10/09 1:37 p.m. | 1 views

CVE-2025-11561 Sssd: sssd default kerberos configuration allows privilege escalation on ad-joined linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

8.8 CVSS | 6.1 AI score | 0.00046 EPSS
Exploits 0 | References 28
Tenable Nessus
added 2025/05/30 12:0 a.m. | 8 views

Photon OS 4.0: Python3 PHSA-2025-4.0-0745

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0745. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5 CVSS | 7.1 AI score | 0.00689 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/05/30 12:0 a.m. | 3 views

Photon OS 4.0: Python3 PHSA-2025-4.0-0787

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0787. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5 CVSS | 6.3 AI score | 0.0028 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/05/17 12:0 a.m. | 3 views

Photon OS 4.0: Patch PHSA-2024-4.0-0564

An update of the patch package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0564. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.3 CVSS | 8 AI score | 0.00364 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/05/15 12:0 a.m. | 4 views

Photon OS 4.0: Redis PHSA-2025-4.0-0799

An update of the redis package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0799. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.8 CVSS | 7.8 AI score | 0.80733 EPSS
Exploits 2 | References 2
Tenable Nessus
added 2025/05/13 12:0 a.m. | 4 views

Photon OS 5.0: Frr PHSA-2025-5.0-0520

An update of the frr package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0520. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid23579...

9.8 CVSS | 7.4 AI score | 0.00322 EPSS
Exploits 0 | References 8
Tenable Nessus
added 2025/05/05 12:0 a.m. | 5 views

Photon OS 4.0: Openssh PHSA-2025-4.0-0790

An update of the openssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0790. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

4.3 CVSS | 6.6 AI score | 0.00226 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/05/05 12:0 a.m. | 5 views

Photon OS 5.0: Emacs PHSA-2025-5.0-0512

An update of the emacs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0512. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

8.8 CVSS | 7.3 AI score | 0.01295 EPSS
Exploits 0 | References 7
Tenable Nessus
added 2025/04/07 12:0 a.m. | 8 views

Photon OS 5.0: Xz PHSA-2025-5.0-0496

An update of the xz package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0496. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid233960...

8.7 CVSS | 7.9 AI score | 0.00041 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/03/06 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-53102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Red Hat Enterprise Linux - kernel: nvme: make keep-alive synchronous operation CVE-2024-53102 Note that Nessus relies on the presence of the package as reported...

6.9 AI score
Exploits 0 | References 1
Tenable Nessus
added 2025/03/05 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2023-25727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

5.4 CVSS | 6.1 AI score | 0.09658 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/03/05 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-52605

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2023-52605 Note that Nessus relies on the presence of the packag...

6.9 AI score
Exploits 0 | References 1
Tenable Nessus
added 2025/03/05 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-4293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. CVE-2022-4293 Note that Nessus relies on the presence of the...

6.8 CVSS | 6.5 AI score | 0.00308 EPSS
Exploits 1 | References 3
Tenable Nessus
added 2025/03/05 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-35923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-35923 Note that Nessus relies on the presence of the packag...

7 AI score
Exploits 0 | References 1