
5271 matches found

OSV
added 2026/03/05 10:16 p.m. | 0 views

CVE-2026-28395

OpenClaw versions 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in the Chrome extension (must be installed and enabled) relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl...

CVSS 9.1 | AI score 5.8
Exploits: 0 | References: 4
CVE
added 2026/03/05 9:59 p.m. | 5 views

CVE-2026-28395

OpenClaw's Chrome extension relay server (ensureChromeExtensionRelayServer) incorrectly treats wildcard hosts (0.0.0.0/::) as loopback, causing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl is configured. Affected versions are 2026.1.14-1 through 2026.2.11; fixed in 20...

CVSS 9.1 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/03/05 9:27 p.m. | 2 views

GHSA-XXH7-FCF3-RJ7F The Eclipse Jetty Server Artifact has a Gzip request memory leak

Description as reported: There is a memory leak when using GzipHandler in jetty-12.0.30 that can cause off-heap OOMs. This can be used for DoS attacks so I'm reporting this as a vulnerability. The leak is created by requests where the request is inflated (Content-Encoding: gzip) and the response is...

CVSS 7.5 | AI score 5.9 | EPSS 0.00033
Exploits: 0 | References: 5
Github Security Blog
added 2026/03/05 9:27 p.m. | 8 views

The Eclipse Jetty Server Artifact has a Gzip request memory leak

Description as reported: There is a memory leak when using GzipHandler in jetty-12.0.30 that can cause off-heap OOMs. This can be used for DoS attacks so I'm reporting this as a vulnerability. The leak is created by requests where the request is inflated (Content-Encoding: gzip) and the response is...

CVSS 7.5 | AI score 5.9 | EPSS 0.00033
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2026/03/05 7:16 a.m. | 3 views

CVE-2026-1678

dnsunpackname caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds wri...

CVSS 9.8 | EPSS 0.00083
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/04 6:24 a.m. | 3 views

CVE-2026-3494

A flaw was found in MariaDB. An authenticated database user can exploit this vulnerability by invoking SQL statements prefixed with double-hyphen (--) or hash (#) style comments. When the server audit plugin is enabled with specific event filtering, these statements are not logged. This oversight can le...

CVSS 5.3 | AI score 5.8 | EPSS 0.00017
Exploits: 1 | References: 4
Snyk
added 2026/03/03 6:00 p.m. | 4 views

Off-by-one Error

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Off-by-one Error in the allowlist mode. An attacker can execute unintended commands by bypassing operator safety controls using specially crafted input to env -S when /usr/bin/env is...

CVSS 8.8 | AI score 6 | EPSS 0.00095
Exploits: 0 | References: 3
Wired Threat Level
added 2026/03/03 9:30 a.m. | 2 views

How Journalists Are Reporting From Iran With No Internet

After strikes killed senior Iranian officials, Iran cut off internet access. Journalists are relying on satellite links, encrypted apps, and smuggled footage to report from inside the country...

AI score 5.9
Exploits: 0
Tenable Nessus
added 2026/03/02 12:00 a.m. | 5 views

TencentOS Server 4: qemu (TSSA-2026:0097)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0097 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.5 | AI score 7.1 | EPSS 0.00008
Exploits: 0 | References: 2
CVE
added 2026/02/27 3:23 a.m. | 7 views

CVE-2026-2428

The CVE concerns the Fluent Forms Pro Add On Pack for WordPress, vulnerable in all versions up to 6.1.17 due to disabled PayPal IPN verification (disable_ipn_verification defaults to 'yes' in PayPalSettings.php). This enables unauthenticated attackers to send forged PayPal IPN notifications to th...

CVSS 7.5 | AI score 5.4 | EPSS 0.00035
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/27 12:00 a.m. | 5 views

PT-2026-22290

Name of the Vulnerable Software and Affected Versions: Fluent Forms Pro Add On Pack for WordPress versions through 6.1.17. Description: The software contains a flaw related to insufficient verification of data authenticity. Specifically, PayPal IPN (Instant Payment Notification) verification is disabl...

CVSS 7.5 | AI score 5.9 | EPSS 0.00035
Exploits: 0 | References: 8
Malwarebytes
added 2026/02/26 6:52 p.m. | 4 views

How to understand and avoid Advanced Persistent Threats

By definition, an advanced persistent threat (APT) is a prolonged, targeted attack on a specific victim with the intention to compromise their system and gain information from or about that target. About a decade ago, the term was mostly used for state-sponsored threat actors. I used threat actors...

AI score 5.7
Exploits: 0
OSV
added 2026/02/26 10:54 a.m. | 3 views

SUSE-SU-2026:20525-1 Security update for avahi

This update for avahi fixes the following issues: - CVE-2024-52615: Resolve fixed source ports for wide-area DNS queries cause DNS responses be injected. (bsc#1233421) - CVE-2025-68468: Fixed DoS bug by removing incorrect assertion. (bsc#1256499) - CVE-2025-68471: Fixed DoS bug by changing assert to...

CVSS 6.5 | AI score 6.9 | EPSS 0.00068
Exploits: 1 | References: 9
Cvelist
added 2026/02/26 1:24 a.m. | 19 views

CVE-2026-2499 Custom Logo <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting

The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.4 | EPSS 0.00032
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/26 12:00 a.m. | 4 views

PT-2026-22194

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0. Description: Discourse, an open source discussion platform, contains a flaw where a user's full name can be interpreted as raw HTML...

CVSS 6.1 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 7
The Hacker News
added 2026/02/25 5:46 p.m. | 10 views

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting...

AI score 6.3
Exploits: 0
RedhatCVE
added 2026/02/25 4:17 p.m. | 3 views

CVE-2026-23983

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint (disabled by default) allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

CVSS 6.5 | AI score 5.5 | EPSS 0.00055
Exploits: 0 | References: 1
SUSE CVE
added 2026/02/25 12:24 a.m. | 1 views

SUSE CVE-2026-25989

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check instead of = that allows bypass the guard and reach an undefined sizet cast...

CVSS 7.5 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 6
Snyk
added 2026/02/24 8:37 p.m. | 1 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the adminLoad.handleLoad process. An attacker can modify the running configuration and alter server behavior by sending cross-origin requests to the local admin API when origin enforcement is not...

CVSS 8.2 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 2
OSV
added 2026/02/24 8:37 p.m. | 6 views

GHSA-879P-475X-RQH2 Caddy is vulnerable to cross-origin config application via local admin API /load

commit: e0f8d9b2047af417d8faf354b675941f3dac9891 (as-of 2026-02-04). channel: GitHub security advisory (per SECURITY.md). Summary: The local caddy admin API (default listen 127.0.0.1:2019) exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement ...

CVSS 8.2 | AI score 5.8 | EPSS 0.00027
Exploits: 1 | References: 8