CVE-2026-50872

CVE-2026-50872 affects fossar selfoss v2.20-SNAPSHOT, due to a flaw in the loopback request handling component that enables arbitrary command execution and access to sensitive information when a crafted HTTP request is supplied. Documents do not provide exploit details, affected versions beyond v...

CVE-2026-28395 OpenClaw 2026.1.14-1 < 2026.2.12 - Unintended Public Binding of Chrome Extension Relay via Wildcard cdpUrl

OpenClaw version 2026.1.14-1 prior to 2026.2.12 contains an improper network binding vulnerability in the Chrome extension must be installed and enabled relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUr...

Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive

A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user with the CAPSYSRAWIO capability inside a guest could use this flaw to crash the host QEMU process resulting in denial of...