Lucene search

12 matches found

Positive Technologies
added 2026/05/21 12:0 a.m. | 6 views

PT-2026-42615

Impact: It impacts applications where: - the PHP daemon runs with root permissions; - the application is either running outside a container or has sensitive file access. It could happen with this kind of workflow: php $stylesheet = $_GET['stylesheet']; // = 'file:///etc/passwd' $pdf = new...

6.9 CVSS | 5.8 AI score
Exploits 0 | References 3
CNVD
added 2026/05/07 12:0 a.m. | 5 views

OpenClaw has an unspecified vulnerability (CNVD-2026-20008)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to properly preserve the OPENCLAWRuntime Control Environment namespace in the workspace dotenv file, which can be exploited by an attacker to manipula...

8.5 CVSS | 5.8 AI score | 0.00024 EPSS
Exploits 0
EUVD
added 2026/05/06 9:31 p.m. | 2 views

EUVD-2026-27989

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

4.2 CVSS | 6 AI score | 0.00039 EPSS
Exploits 0 | References 3
EUVD
added 2026/04/28 6:9 p.m. | 1 views

EUVD-2026-26082

OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGO_BUILD_RUSTC, and CMAKE_C_COMPILER via environment overrides. Attackers with approved host-exec requests c...

6.1 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits 0 | References 3
RedhatCVE
added 2026/01/09 8:57 a.m. | 6 views

CVE-2023-31403

SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation...

9.6 CVSS | 7 AI score | 0.00124 EPSS
Exploits 0 | References 1
NVD
added 2026/01/07 9:15 p.m. | 3 views

CVE-2025-64305

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal...

7.1 CVSS | 0.0001 EPSS
Exploits 0 | References 2
RedHat Linux
added 2025/09/02 4:7 a.m. | 2 views

postgresql: PostgreSQL code execution in restore operation

A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pg_dump, pg_dumpall, and pg_restore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...

8.8 CVSS | 7.8 AI score | 0.00136 EPSS
Exploits 1 | References 5
RedhatCVE
added 2025/03/28 7:21 a.m. | 19 views

CVE-2023-52972

Huawei PCs have a vulnerability that allows low-privilege users to bypass SDDL permission checks. Successful exploitation of this vulnerability could lead to termination of some system processes...

5.5 CVSS | 6.7 AI score | 0.00005 EPSS
Exploits 0 | References 1
RedHat Linux
added 2023/11/14 4:4 p.m. | 3 views

golang: cmd/go: line directives allows arbitrary execution during build

A flaw was found in the golang cmd/go standard library. A line directive "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running "go...

8.1 CVSS | 7.6 AI score | 0.0006 EPSS
Exploits 0 | References 8
CNNVD
added 2021/10/26 12:0 a.m. | 2 views

Caml-light security vulnerability

Caml-Light is an older, open source lightweight implementation of the core Caml language from the Caml team. Caml-light suffers from a security vulnerability that stems from Caml-light = 0.75 using mktemp insecurely and doing unsafe things in TMP during make install...

9.8 CVSS | 8.2 AI score | 0.00528 EPSS
Exploits 1 | References 4
Veracode
added 2020/09/07 2:56 a.m. | 29 views

Directory Traversal

icingaweb is vulnerable to directory traversal. The vulnerability exists as arbitrary files are readable by the process running Icinga Web 2...

7.5 CVSS | 4.2 AI score | 0.01746 EPSS
Exploits 1 | References 7 | Affected Software 1
Qualys Blog
added 2019/07/01 4:0 p.m. | 36 views

Video Training Update, July 2019

The Qualys Training team released a major update to the Vulnerability Management Certified Training Course. We’ve also built out two new video libraries showing how to assess business process risk and how to secure cloud infrastructures in DevSecOps environments using AWS Golden AMI pipelines. An...

1 AI score
Exploits 0