CVE-2026-47155

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dpll: Fixed the issue where dpllpinonpinregister could incorrectly register multiple parent pins when they were used together. In scenarios where a pin is registered with multiple parent pins via dpllpinonpinregister, all these...

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and...

SUSE CVE-2026-46074

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an...

CVE-2026-46074

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an...

CVE-2026-46074

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an...

EUVD-2026-32456

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an...

CVE-2026-46074 spi: ch341: fix memory leaks on probe failures

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: backlight: hx8357: Fixed potential NULL pointer dereferencing issues. The “im” pins are optional. Added a missing check in the hx8357probe function...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: gpio: gpio-xilinx: Fix integer overflow The current implementation cannot configure more than 32 pins due to an incorrect data type. Therefore, type casting using unsigned long is used to avoid this issue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mshv: Error handling in mshvregionpin has been fixed. The current error handling has two issues: Firstly, the pinuserpagesfast function may return a short pin count less than the requested count but greater than zero when it...

EUVD-2026-29132

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

CVE-2026-8076

Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This coul...

SUSE CVE-2026-43045

In the Linux kernel, the following vulnerability has been resolved: mshv: Fix error handling in mshvregionpin The current error handling has two issues: First, pinuserpagesfast can return a short pin count less than requested but greater than zero when it cannot pin all requested pages. This is...

PT-2026-37521

In the Linux kernel, the following vulnerability has been resolved: gpio: sysfs: fix chip removal with GPIOs exported over sysfs Currently if we export a GPIO over sysfs and unbind the parent GPIO controller, the exported attribute will remain under /sys/class/gpio because once we remove the pare...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fixed the order of DT parsing and pinctrl registration. The DT parsing is now performed before pinctrl registration. This ensures that device tree parsing is done before calling devmpinctrlregister, thereby...

PT-2026-36582

Name of the Vulnerable Software and Affected Versions Profile Builder Pro versions prior to 3.14.6 Description The Profile Builder Pro plugin for WordPress is susceptible to PHP Object Injection. This occurs because the wppb request users pins action callback AJAX handler uses the maybe unseriali...

CVE-2026-43045

A flaw was found in the Linux kernel's mshv module. Incorrect error handling in the mshvregionpin function can lead to memory corruption. This occurs when the pinuserpagesfast operation returns a partial pin count, causing the system to use incompletely pinned memory regions. This issue can also...

CVE-2026-43045

In the Linux kernel, the following vulnerability has been resolved: mshv: Fix error handling in mshvregionpin The current error handling has two issues: First, pinuserpagesfast can return a short pin count less than requested but greater than zero when it cannot pin all requested pages. This is...

EUVD-2026-26644

In the Linux kernel, the following vulnerability has been resolved: mshv: Fix error handling in mshvregionpin The current error handling has two issues: First, pinuserpagesfast can return a short pin count less than requested but greater than zero when it cannot pin all requested pages. This is...