PT-2026-35809

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invokebrowser.proxy that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guard and modify browser configurations...

OpenCats 代码注入漏洞

OpenCats is an open-source recruitment process management system developed by OpenCats. OpenCats has a code injection vulnerability, which stems from PHP code injection in the AJAX endpoints of the installation wizard. This vulnerability allows unauthenticated attackers to execute arbitrary code ...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from a permission bypass execution vulnerability, which allowed persistent execution of “always-always”...

CVE-2026-40973

The CVE-2026-40973 issue affects Spring Boot versions 4.x (4.0.0–4.0.5 with fix in 4.0.6), 3.5.x (3.5.0–3.5.13 with fix 3.5.14), 3.4.x (3.4.0–3.4.15 with fix 3.4.16), 3.3.x (3.3.0–3.3.18 with fix 3.3.19), and 2.7.x (2.7.0–2.7.32 with fix 2.7.33). The vulnerability stems from the ApplicationTemp m...

CVE-2026-40973

A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack...

CVE-2026-40973

A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack...

CVE-2026-40973

A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack...

CVE-2026-35902

The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication...

PT-2026-35545

A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack...

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency CISA has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance ASA software was compromised in September 2025 with a new malware called FIRESTARTER. FIRESTARTER, per CISA and the U.K....

CVE-2026-27843

A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can...

CVE-2026-27843

SenseLive X3050 is affected by CVE-2026-27843, where the web management interface permits modification of critical configuration parameters without sufficient authentication or server-side validation. By feeding unsupported or disruptive values to recovery mechanisms and network settings, an atta...

CVE-2026-27843

A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can...

CVE-2026-3837

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

OpenC3 COSMOS - Hijacked session token can be used to reset password for persistence

Summary The OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid session token instead. In assumed breach scenarios, this behaviour can be exploited by an attacker who has already obtained a valid session token, to ga...

Malicious code in com.tencent.puerts.agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 893d557ac2c9f78b7a7885bb93d174293ce6e98589b277f2368a5bce07bfeebd The package com.tencent.puerts.agent was found to contain malicious code. Source: ghsa-malware...

Bit-Flip Vulnerability of Shared KV-Cache Blocks in LLM Serving Systems

Rowhammer on GPU DRAM has enabled adversarial bit flips in model weights; shared KV-cache blocks in LLM serving systems present an analogous but previously unexamined target. In vLLM's Prefix Caching, these blocks exist as a single physical copy without integrity protection. Using software fault...

EUVD-2026-23500

Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields...

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via unsanitized volumeHandle and mounttargetip fields. An attacker can inject unauthorized mount options by supplying specially crafted values to these fields when creating a PersistentVolume, resulting in...

EUVD-2026-23384

The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...