95 matches found
Advisory ROSA-SA-2026-3294
CVE-ID: CVE-2026-46300 BDU-ID: None CVE-Crit: Not available CVE-DESCRIPTION: A vulnerability in the XFRM ESP-in-TCP subsystem of the Linux kernel. A logical error occurs when transitioning a TCP socket to the espintcp mode after writing file data to the receive queue. The kernel processes file...
TencentOS Server 4: cups (TSSA-2026:0276)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0276 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
OESA-2026-2140 PackageKit security update
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API. Security Fixes: PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro,...
ASUS Business System Control Interface Security Vulnerability
ASUS Business System Control Interface is a system control interface developed by ASUS, a Chinese technology company. There is a security vulnerability in the ASUS Business System Control Interface. This vulnerability stems from improper permission allocation, which may allow unauthorized local...
Windows Graphics Component Denial of Service Vulnerability
Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally...
CVE-2026-28485 OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints
OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...
CVE-2026-28485
OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...
CVE-2026-22285
Dell Device Management Agent DDMA, versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized Access...
Microsoft Excel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally...
CVE-2026-20939
CVE-2026-20939: Windows File Explorer information disclosure allowing a locally authenticated user to view sensitive data. The issue has a CVSSv3.1 base score of 5.5 (Local, Low attack complexity, Low privileges, Confidentiality impact: High). Microsoft has released fixes in January 2026 security...
Windows Hello Tampering Vulnerability
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...
CVE-2025-59890
Improper input sanitization in the file archive upload functionality of Eaton Galileo software allows path traversal, which could allow an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of Galileo which is...
PYSEC-2025-219
An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...
CVE-2025-65681
An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...
Microsoft Office Denial of Service Vulnerability
Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally...
EUVD-2022-37353
Malicious code in bioql PyPI...
CVE-2025-43882
Dell ThinOS 10, versions prior to 250810.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access...
CVE-2025-1139
IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment...