1409 matches found
About Elevation of Privilege vulnerability - Linux Kernel "Dirty Frag" (CVE-2026-43284, CVE-2026-43500) vulnerability
About Elevation of Privilege vulnerability - Linux Kernel "Dirty Frag" CVE-2026-43284, CVE-2026-43500 vulnerability. According to information from researcher Hyunwoo Kim @v4bel, Dirty Frag is a vulnerability a class of vulnerabilities that allows a local unprivileged attacker to obtain root...
Security Advisory 0138
Security Advisory 0138 PDF Date: May 8, 2026 Revision | Date | Changes ---|---|--- 1.0 | May 8, 2026 | Initial release 1.1 | May 18, 2026 | Updated affected products and added Mitigation section 1.2 | July 15, 2026 | Updated CVE-ID's tracking this issue Updated Affected Software Added Resolution...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CopyFail2 CVE-2026-31431 - Python Implementation Python por...
Security Advisory 0136
Security Advisory 0136 PDF Date: May 1, 2026 Revision | Date | Changes ---|---|--- 1.0 | May 1, 2026 | Initial release 1.1 | May 7, 2026 | Additional required configuration for exploitation information added 1.2 | May 11, 2026 | Advisory updated with additional mitigations. The CVE-ID tracking th...
Exploit for CVE-2026-31431
Copy Fail PoC English Python PoC for CVE-2026-31431,...
Exploit for CVE-2026-31431
CVE-2026-31431 — Copy Vulnerability Linux Kernel Page Cache...
OpenClaw: Webchat audio embedding could read local files without local-root containment
Impact OpenClaw deployments before 2026.4.15 could embed host-local audio files into webchat responses without applying the local media root containment check used by other media-serving paths. If an attacker could influence an agent or tool-produced ReplyPayload.mediaUrl, the webchat audio...
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
...
CVE-2026-41366
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files...
EUVD-2026-25946
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files...
CVE-2026-41366
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files...
PT-2026-35554
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : PackageKit vulnerability (USN-8195-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8195-1 advisory. It was discovered that PackageKit incorrectly handled certain transactions. A local attacker could use this issue to install arbitrary package...
[SECURITY] [DLA 4544-1] ntfs-3g security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4544-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz April 21, 2026 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 6221-1] ntfs-3g security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6221-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 21, 2026 https://www.debian.org/security/faq -...
EUVD-2026-23931
OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...
GHSA-QC5J-2MQX-X83Q Duplicate Advisory: OpenClaw: Webchat media embedding enforces local-root containment for tool-result files
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mr34-9552-qr95. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowi...
CVE-2026-41389
OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...
CVE-2026-41389 OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths
OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...
CVE-2026-41389
OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...