11 matches found
PT-2026-39695
OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...
GHSA-3CW3-5VXW-G2H3 OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials
Summary Remote onboarding accepted discovered gateway endpoints without an explicit trust confirmation before persisting the remote URL and connection details. Impact A malicious or spoofed discovery endpoint could steer onboarding toward an attacker-controlled gateway and capture future gateway...
Malicious code in gift-chii-true (npm)
Source: ghsa-malware (8c3405720bd581e08c810cf39cabb85e555401ee4d970d5a2bf1b90e5ec635a6). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-2850 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a failure to persist permissions settings due to resource exhaustion, which could lead to local escalation of privilege without...
Malicious code in @diotoborg/omnis-explicabo (npm)
Source: ghsa-malware (0e2c816588966c9e43c0456254f94eabf232442670cee94bfd35d0ba9ebac050). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-27035
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to guarantee persisting compressed blocks by CP If data block in compressed cluster is not persisted with metadata during checkpoint, after SPOR, the data may be corrupted, let's guarantee to write compressed...
CVE-2024-27035 f2fs: compress: fix to guarantee persisting compressed blocks by CP
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to guarantee persisting compressed blocks by CP If data block in compressed cluster is not persisted with metadata during checkpoint, after SPOR, the data may be corrupted, let's guarantee to write compressed...
CVE-2024-27035
CVE-2024-27035 concerns the Linux kernel’s f2fs compression path. The issue arises when a data block inside a compressed cluster is not persisted with its metadata during checkpoint; after SPOR, this can lead to data corruption. The published fix guarantees that the compressed page is written by ...
ASB-A-273729476
In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
[SECURITY] Fedora 36 Update: clipman-1.6.1-4.fc36
A basic clipboard manager for Wayland, with support for persisting copy buffers after an application exits...
LaBrea Tarpitted Host Detection
This script performs a LaBrea tarpit scan by sending a bogus ACK and ACK-windowprobe to a potential host. It also sends a TCP SYN to test for non-persisting LaBrea machines. This script was written by John [email protected] See the Nessus Scripts License for details. include"compat.inc...