EUVD-2026-9568

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LaunchandSell Tribe tribe allows PHP Local File Inclusion.This issue affects Tribe: from n/a through = 1.7.3...

CVE-2026-28019

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Manoir manoir allows PHP Local File Inclusion.This issue affects Manoir: from n/a through = 1.11...

KLA90912 ACE vulnerability in Microsoft Device

A remote code execution vulnerability was found in Microsoft Devices Pricing Program. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-21536 Exploitation CVE list CVE-2026-21536 critical Solution Install necessary updates from the KB section,...

PT-2026-23357

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Conquerors conquerors allows PHP Local File Inclusion.This issue affects Conquerors: from n/a through = 1.2.13...

PT-2026-23366

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Coleo coleo allows PHP Local File Inclusion.This issue affects Coleo: from n/a through = 1.1.7...

PT-2026-23569

Name of the Vulnerable Software and Affected Versions Microsoft Devices Pricing Program affected versions not specified Description A remote code execution issue exists in the Microsoft Devices Pricing Program. The issue allows for code execution. Recommendations At the moment, there is no...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005624)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005624 advisory. In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's runbpfprog Fix fout being fopen'ed but then not subsequently...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005539)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005539 advisory. In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xstcpsetupsocket When using a BPF progr...

Incomplete List of Disallowed Inputs

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the --compress-program flag in the sort process when sort is manually added to the tools.exec.safeBins configuration. An attacker can execute...

GHSA-4GC7-QCVF-38WG In OpenClaw, manually adding sort to tools.exec.safeBins could bypass allowlist approval via --compress-program

Summary This issue applies to a non-default configuration only. If sort is manually added to tools.exec.safeBins, OpenClaw could treat sort --compress-program= as valid safe-bin usage. In security=allowlist + ask=on-miss, this could satisfy allowlist checks and skip operator approval, while GNU...

In OpenClaw, manually adding sort to tools.exec.safeBins could bypass allowlist approval via --compress-program

Summary This issue applies to a non-default configuration only. If sort is manually added to tools.exec.safeBins, OpenClaw could treat sort --compress-program= as valid safe-bin usage. In security=allowlist + ask=on-miss, this could satisfy allowlist checks and skip operator approval, while GNU...

GHSA-VMQR-RC7X-3446 OpenClaw's non-default safeBins sort configuration can bypass intended allowlist approval constraints

When sort is explicitly added to tools.exec.safeBins non-default, the --compress-program option can invoke an external helper and bypass the intended safe-bin approval constraints in allowlist mode. Affected Packages / Versions - Package: openclaw npm - Vulnerable versions: =2026.2.22. Once that...

OpenClaw's non-default safeBins sort configuration can bypass intended allowlist approval constraints

When sort is explicitly added to tools.exec.safeBins non-default, the --compress-program option can invoke an external helper and bypass the intended safe-bin approval constraints in allowlist mode. Affected Packages / Versions - Package: openclaw npm - Vulnerable versions: =2026.2.22. Once that...

PT-2026-26392

Summary This issue applies to a non-default configuration only. If sort is manually added to tools.exec.safeBins, OpenClaw could treat sort --compress-program= as valid safe-bin usage. In security=allowlist + ask=on-miss, this could satisfy allowlist checks and skip operator approval, while GNU...

HomeBox 代码问题漏洞

HomeBox is an open-source system developed by SysAdmins Media for home users. Versions of HomeBox prior to 0.24.0-rc.1 contained code vulnerabilities. These vulnerabilities stemmed from the notification program’s functionality, which allowed authenticated users to specify arbitrary URLs without...

CVE-2024-55026

An issue in the resetpj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request...

PT-2026-26003

When sort is explicitly added to tools.exec.safeBins non-default, the --compress-program option can invoke an external helper and bypass the intended safe-bin approval constraints in allowlist mode. Affected Packages / Versions - Package: openclaw npm - Vulnerable versions: =2026.2.22. Once that...

A Practical Guide to Prioritize Cyber Risk

You have firewalls, endpoint detection, and countless other security controls in place, but how do you know they’ll work when an actual attack happens? Guesswork isn't a strategy. Breach and Attack Simulation BAS helps answer this question by safely testing your defenses against real-world attack...

The Agile FedRAMP Playbook, Part 3: Preventative Risk Management by building Secure by Design

In the third part of our series, we explore Preventative Risk Management. We discuss how shifting security into the development lifecycle helps organizations meet FedRAMP requirements...

CVE-2026-28363

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...