
252594 matches found

OSV
added 2026/04/24 3:19 a.m., 8 views

MAL-2026-3024 Malicious code in auth0-ui-components-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e0d97624d1290690782d9c5e369ea2df5642da13ce61f091ea686ff4af38ce1 The package auth0-ui-components-docs was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1

OSV
added 2026/04/24 2:39 a.m., 5 views

MAL-2026-3026 Malicious code in sagat-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b9e0a31b6bceddf90e920c8c6eb6313c822ca883c8daaa6905c5d8835fb8220 The package sagat-core was found to contain malicious code. Source: ghsa-malware cd038a03954f5c3c52c0f68ddfd36cbd9746f905131c22fa2089a72f8929be62 Any...

5.8 AI score
Exploits: 0, References: 1

SUSE CVE
added 2026/04/24 1:34 a.m., 4 views

SUSE CVE-2026-6862

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this...

5.5 CVSS, 5.7 AI score, 0.00104 EPSS
Exploits: 0, References: 3

Github Security Blog
added 2026/04/24 12:31 a.m., 10 views

Duplicate Advisory: OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xj9w-5r6q-x6v4. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the no...

8.8 CVSS, 6.6 AI score, 0.00544 EPSS
Exploits: 0, References: 5, Affected Software: 1

EUVD
added 2026/04/24 12:31 a.m., 8 views

EUVD-2026-25336

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation...

8.8 CVSS, 6.7 AI score, 0.00544 EPSS
Exploits: 0, References: 4

OSV
added 2026/04/24 12:31 a.m., 8 views

GHSA-7VQ9-42CC-33J4 Duplicate Advisory: OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xj9w-5r6q-x6v4. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the no...

8.8 CVSS, 6.6 AI score, 0.00544 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/04/24 12:0 a.m., 8 views

Apache DolphinScheduler Code Issue Vulnerability

Apache DolphinScheduler is a modern data orchestration platform developed by the Apache Foundation in the United States. Versions of Apache DolphinScheduler from 3.2.0 to 3.3.1 had code vulnerabilities. These vulnerabilities stemmed from insecure data deserialization in the RPC module, which coul...

6.3 CVSS, 5.9 AI score, 0.00537 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/04/24 12:0 a.m., 7 views

PT-2026-34911

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL checks for kstrdup 1. Replace "of_find_node_by_path("/")" with "of_root" to avoid multiple calls to "of_node_put". 2. Fix a potential kernel oops during early boot when memory allocation fails while...

5.3 AI score, 0.00122 EPSS
Exploits: 0, References: 5

CNNVD
added 2026/04/24 12:0 a.m., 8 views

Axios Security Vulnerability

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities stem from the recursive traversal of nested objects in toFormData, which allows for unlimited depth of nested values. This can lead to Node.js...

7.5 CVSS, 5.8 AI score, 0.00413 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2026/04/24 12:0 a.m., 11 views

PT-2026-35030

Name of the Vulnerable Software and Affected Versions: LiquidJS versions prior to 10.25.7. Description: A circular block reference within {% layout %} and {% block %} tags can trigger an infinite recursive loop. This occurs in the getBlockRender function within src/tags/block.ts during OUTPUT mode; when...

7.5 CVSS, 5.8 AI score, 0.00382 EPSS
Exploits: 1, References: 9

VulnCheck KEV
added 2026/04/24 12:0 a.m., 261 views

VulnCheck KEV: CVE-2025-69985

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can...

9.8 CVSS, 6.3 AI score, 0.05633 EPSS
In wild, Exploits: 7, References: 32

Positive Technologies
added 2026/04/24 12:0 a.m., 6 views

PT-2026-35065

Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.6.5. Description: SiYuan desktop renders notification messages as raw HTML within an Electron renderer. The API endpoint '/api/notification/pushMsg' accepts a user-controlled msg value, which is forwarded through the...

8.8 CVSS, 5.3 AI score, 0.00134 EPSS
Exploits: 0, References: 6

CNVD
added 2026/04/24 12:0 a.m., 5 views

OpenClaw Remote Code Execution Vulnerability (CNVD-2026-18601)

OpenClaw is a software platform for device pairing and node management, with key features including device authentication, node-wide gateway control, and remote command execution. OpenClaw suffers from a remote code execution vulnerability that stems from a device pairing node failing to properly...

8.8 CVSS, 7 AI score, 0.00544 EPSS
Exploits: 0

Tenable Nessus
added 2026/04/24 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-31542

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/platform/uv: Handle deconfigured sockets. When a socket is deconfigured, it's mapped to SOCK_EMPTY (0xffff). This causes a panic while allocating UV hub info...

5.5 CVSS, 6 AI score, 0.00122 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/04/24 12:0 a.m., 7 views

PT-2026-34894

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the x86 platform UV component where deconfigured sockets are mapped to SOCK_EMPTY (0xffff). This mapping leads to a system panic during the allocation of UV hub info...

7.8 CVSS, 5.8 AI score, 0.00378 EPSS
Exploits: 0, References: 118

Positive Technologies
added 2026/04/24 12:0 a.m., 11 views

PT-2026-34929

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A NULL pointer dereference exists in the nilfs2 component within the nilfs_mdt_save_to_shadow_map function. The btree node cache i_assoc_inode of the DAT inode is initialized lazily duri...

9.8 CVSS, 5.8 AI score, 0.00576 EPSS
Exploits: 0, References: 81

NVD
added 2026/04/23 10:16 p.m., 4 views

CVE-2026-41352

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation...

8.8 CVSS, 0.00544 EPSS
Exploits: 0, References: 3

Cvelist
added 2026/04/23 9:58 p.m., 28 views

CVE-2026-41352 OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation...

8.8 CVSS, 0.00544 EPSS
Exploits: 0, References: 3

CVE
added 2026/04/23 9:58 p.m., 19 views

CVE-2026-41352

OpenClaw is affected prior to version 2026.3.31. The issue is a remote code execution where a device-paired node can bypass the node scope gate authentication, allowing attackers with device pairing credentials to execute arbitrary node commands on the host without proper validation. CVSS-based i...

8.8 CVSS, 6.7 AI score, 0.00544 EPSS
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2026/04/23 9:58 p.m., 3 views

CVE-2026-41352

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation...

8.8 CVSS, 6.7 AI score, 0.00544 EPSS
Exploits: 0, References: 4