CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: vault-fips, goose, dapr-fips, spicedb-fips, goose-fips, keda-fips, gitlab-kas, azure-service-operator, openfga, cloudnative-pg-fips, hydra-fips, spire-server-fips, cloudnative-pg, splunk-otel-collector-fips, steampipe, src, kine, commercial-chainloop-backend,...

PT-2026-38234

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description Insufficient access control in the Nostr plugin HTTP profile routes allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with...

GHSA-WPG9-53FQ-2R8H Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

Impact This vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps query operators in $eq to neutralize them. However, prior to the fix, $nor was not included in the set of logical operators that...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview org.webjars.npm:mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in the...

NPM: Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

NPM: Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection vulnerability discovered by ? in WordPress Npm mongoose versions = 9.0.0, = 9.1.5...

Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

Impact This vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps query operators in $eq to neutralize them. However, prior to the fix, $nor was not included in the set of logical operators that...

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the gateway process. An attacker can modify sensitive configuration paths and persist unsafe changes that cross security boundaries by leveraging model-driven...

OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes

Summary The agent-facing gateway tool protects config.apply and config.patch with a model-to-operator trust boundary. That guard used a hand-maintained denylist of protected config paths. The config schema outgrew that denylist, leaving sensitive subtrees writable through model-driven gateway...

GHSA-WV26-88M5-6H59 External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore

Impact Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace was set. This bypassed the namespace boundary enforced for SecretStore-backed references in providers that rely on the shared runtime CA...

CVE-2026-42433 OpenClaw < 2026.4.10 - Unauthorized Matrix Profile Config Persistence Access via operator.write Message Tools

OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner...

CVE-2026-42433 OpenClaw < 2026.4.10 - Unauthorized Matrix Profile Config Persistence Access via operator.write Message Tools

OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner...

CVE-2026-42433

OpenClaw vulnerable before 2026.4.10: an authorization bypass lets an operator.write message-tool path access Matrix profile persistence with admin-level authority. Exploitation would allow non-owner message-tools to mutate persistent profile configuration due to insufficient access controls. Aff...

PT-2026-37266

Name of the Vulnerable Software and Affected Versions Mongoose versions prior to 6.13.9 Mongoose versions prior to 7.8.9 Mongoose versions prior to 8.22.1 Mongoose versions prior to 9.1.6 Description A flaw in the sanitizeFilter query sanitization mechanism allows it to be bypassed using the $nor...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: l2tp: Pass the correct message length to ip6 AppendData. l2tpip6sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To address this issue, we chec...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: PCI: Keystone: Fixed the if-statement expression in kspciequirk. This code accidentally used && where || was intended. This could potentially lead to a NULL derefrence error. Therefore, the if-statement expression should be...

MAL-2026-3288 Malicious code in common-tg-service (npm)

Malicious npm package published by user shetty123 as part of a Telegram account hijacking framework targeting Indian Telegram users. All 502 published versions 1.0.1 through 1.3.207 are malicious. Pairs with ams-ssk, which provides the operator's server-side AMS/CMS infrastructure...

MAL-2026-3287 Malicious code in ams-ssk (npm)

Malicious npm package published by user shetty123 as part of a Telegram account hijacking framework targeting Indian Telegram users. All 31 published versions 1.0.0 through 1.0.33 are malicious. Pairs with common-tg-service, which performs the client-side Telegram account takeover. ams-ssk is the...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the normalization performed by the AbstractPolicyOperator class. An attacker can cause unbounded memory allocation and exhaust the JVM heap by submitting malicious WS-Policy...

CVE-2026-7270

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...

EUVD-2026-26353

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...