10 matches found
CVE-2026-53864 OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control Variables
OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious...
CVE-2026-39817
The CVE-2026-39817 issue concerns the Go tool chain: the go tool pack subcommand (used internally by the compiler) does not sanitize output filenames. This allows an attacker to craft a malicious archive that, when unpacked via pack, can write files to arbitrary locations on the filesystem. Repor...
seg6: separate dst_cache for input and output paths in seg6 lwtunnel
...
CVE-2026-23740
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...
CVE-2026-23740
Asterisk contains a local privilege escalation flaw: if ast_coredumper writes gdb init/output to a world-writable directory (e.g., /tmp), a local attacker with write access to that directory can cause arbitrary commands to execute as root or overwrite files by manipulating the gdb init and output...
EUVD-2021-13718
Malware in sbrugna...
SUSE CVE-2021-26936
The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations...
CVE-2021-26936
The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations...
CVE-2021-26936
Technical details about CVE-2021-26936 are not publicly provided in the supplied documents. Monitor for updates; no affected products, exact root cause, impact, or remediation are explicitly detailed here.
CVE-2021-26936
The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations...