CVE-2026-6047

CVE-2026-6047 : LibreOffice is affected during OOXML (DOCX) import of a text box element. The issue is a heap buffer overflow that occurs when replaying deferred parser events; a handler object may be written using a layout for a larger type, causing writes past the allocation end. The root cause...

Critical: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Security update for firewalld

This update for firewalld fixes the following issue: CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations bsc1260903. Patch Instructions: To install this SUSE update use the SUSE recommended installation...

CVE-2026-6515

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

Security update for firewalld

This update for firewalld fixes the following issue: CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations bsc1260903. Patch Instructions: To install this SUSE update use the SUSE recommended installation...

CVE-2026-42883

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in the URL path, but fetches downloadable items solely by attacker-provided IDs without constraining...

CVE-2026-41383 OpenClaw < 2026.4.2 - Arbitrary Remote Directory Deletion via Mis-scoped Mirror Mode Paths

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirr...

CVE-2026-41383 OpenClaw < 2026.4.2 - Arbitrary Remote Directory Deletion via Mis-scoped Mirror Mode Paths

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirr...

CVE-2026-41383

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode. By influencing remoteWorkspaceDir and remoteAgentWorkspaceDir, an attacker can cause mirror sync to delete unintended remote directory contents and replace them with uploaded workspace data. Affected p...

EUVD-2026-25048

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

CVE-2026-6515

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

PT-2026-34521

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.2 through 18.9.5 GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description An issue exists that could allow a user to access Virtual Registries under certain conditions by usin...

OESA-2026-1857 firewalld security update

firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface. Security Fixes: A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and...

GHSA-M34Q-H93W-VG5X OpenClaw: OpenShell mirror mode could delete arbitrary remote directories when roots were mis-scoped

Summary Before OpenClaw 2026.4.2, the OpenShell mirror backend accepted arbitrary absolute remoteWorkspaceDir and remoteAgentWorkspaceDir values. In mirror mode, those paths were then used as the target of remote cleanup and overwrite operations. Impact If an attacker could influence those...

Linux Distros Unpatched Vulnerability : CVE-2026-4948

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSetting...

SourceCodester Resort Reservation System 代码注入漏洞

The SourceCodester Resort Reservation System is an open-source resort reservation system developed by SourceCodester. Version 1.0 of the SourceCodester Resort Reservation System contains a code injection vulnerability. This vulnerability arises from incorrect handling of parameter IDs in the...

CVE-2026-21621

CVE-2026-21621 affects the Hex.pm application (hexpm/hexpm). The vulnerability arises from the OAuth client_credentials flow in Elixir.HexpmWeb.API.OAuthController (validate_scopes_against_key/2), where a read-only API key (domain: api, resource: read) loses its scope and is issued a broad api sc...

Google Chrome Error Type Conversion Vulnerability

Google Chrome is a web browser developed by Google Inc. to provide users with a fast, secure and customizable web browsing experience. Google Chrome suffers from a mis-typed conversion vulnerability that originates from the presence of a mis-typed conversion in the loader, which can be exploited ...

EUVD-2025-143266

Malicious code in anita-hali-mis npm...

CVE-2025-11340

Removed by vendor...