OpenClaw: Reject symlinks in local skill packaging script

Vulnerability skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory containing symlinks to files outside the skill root, the...

GHSA-R6H2-5GQQ-V5V6 OpenClaw: Reject symlinks in local skill packaging script

Vulnerability skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory containing symlinks to files outside the skill root, the...

PT-2026-21336

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.17 and earlier Description OpenClaw, a personal AI assistant, contains an issue in the skills/skill-creator/scripts/package skill.py script. This script previously followed symbolic links when creating .skill archives...

nodejs:20 security update

An update is available for nodejs, nodejs-nodemon, module.nodejs-packaging, nodejs-packaging, module.nodejs, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

nodejs:24 security update

nodejs 1:24.13.0-1 - Update to version 24.13.0 nodejs-nodemon 3.0.3-3 - Keep BR on just npm 3.0.3-2 - Fix BR for nodejs-npm nodejs-packaging 2021.06-6 - Properly handle @group/package deps in nodejs-symlink-deps Resolves: RHEL-121581 2021.06-5 - nodejs.req to properly detect bundled deps...

Oracle Linux 8 : nodejs:22 (ELSA-2026-2421)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2421 advisory. nodejs 1:22.22.0-1 - Update to 22.22.0 Resolves: RHEL-118152 nodejs-nodemon 3.0.1-1 - Exclude ix86 arches from building. Related: RHEL-35991...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility (CVE-2025-1470, CVE-2025-1471)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 11 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In...

Oracle Linux 8 : nodejs:24 (ELSA-2026-2420)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2420 advisory. nodejs 1:24.13.0-1 - Update to 24.13.0 Resolves: RHEL-135257 1:24.4.1-1 - Initial import of nodejs:24 nodejs-nodemon 3.0.3-1 - Initial import into...

MAL-2026-812 Malicious code in hardixx-code (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c0eeb07f1a0f9149c6e22016d85bcc59e5d0bbbac9514fbef9a2ba0289bf75fe Version 1.0.2 introduced loading obfuscated code during importing the module. However, distributions uploaded to PyPI lack the necessary file storing the code...

Linux Distros Unpatched Vulnerability : CVE-2024-22029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root CVE-2024-22029 Note that Nessu...

Oracle MySQL Server 8.0.x < 8.0.45 (January 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging. Supported versions that are affected are 8.0.0-8.0.44,...

Oracle MySQL Server 9.x.x < 9.6.0 (January 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging. Supported versions that are affected are 8.0.0-8.0.44,...

Oracle MySQL Server 8.4.x < 8.4.8 (January 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Docker Images SQLite. Supported versions that are affected are...

MAL-2026-505 Malicious code in flask-hookserver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4d5afd1538994efa55632d3ed6d7c9fa419fb26c542b641a3efbd7b35501ea58 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Wheel security vulnerabilities

“wheel” is a command-line tool open-sourced by Python Packaging Authority. Versions of “wheel” prior to 0.46.1 contain security vulnerabilities. These vulnerabilities stem from the error handling of file permissions by the decompression function after extracting files, which may lead to privilege...

Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff

Every managed security provider is chasing the same problem in 2026 — too many alerts, too few analysts, and clients demanding "CISO-level protection" at SMB budgets. The truth? Most MSSPs are running harder, not smarter. And it's breaking their margins. That's where the quiet revolution is...

MiracleLinux 9 : dotnet8.0-8.0.110-1.el9_4.ML.1 (AXSA:2024-8897:18)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8897:18 advisory. dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution CVE-2024-38229 dotnet: Multiple .NET componen...

MiracleLinux 8 : dotnet8.0-8.0.110-1.el8_10.ML.1 (AXSA:2024-8896:17)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8896:17 advisory. dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution CVE-2024-38229 dotnet: Multiple .NET componen...

MiracleLinux 9 : dotnet6.0-6.0.135-1.el9_4.ML.1 (AXSA:2024-8898:17)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8898:17 advisory. dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList CVE-2024-43484 dotnet: Denial of Service in System.Text.Json CVE-2024-43485...

0x20bf (=0.0.1), 31 (=2.3.0) +4288 more potentially affected by CVE-2026-22701 via filelock (>=3.0.10 <=3.20.2)

filelock PYPI version =3.0.10, =0.0.3, =0.1.0, =1.0.5, =0.0.1b1, =0.2.3, =0.2.7 - ac-solver =0.1.0 - acceldata-o2a =1.0.0 and more Source cves: CVE-2026-22701 Source advisory: SNYK:PYTHON-FILELOCK-14912448...