CVE-2026-31966

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...

CVE-2026-31966 HTSlib CRAM reader has out-of-bounds read due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC has sanctioned six individuals and two entities for their involvement in the Democratic People's Republic of Korea DPRK information technology IT worker scheme with an aim to defraud U.S. businesses and generate illicit...

Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the compress-program parameter in the tools.exec.safeBins configuration. An attacker can execute unauthorized external programs by bypassing intended approval...

CVE-2026-22169

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass intended safe-bin...

CVE-2026-22169

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass intended safe-bin...

CVE-2026-22169 OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass intended safe-bin...

EUVD-2026-12710

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass intended safe-bin...

CVE-2026-22169 OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass intended safe-bin...

CVE-2026-22169

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass intended safe-bin...

CVE-2026-22169

OpenClaw before version 2026.2.22 has an allowlist bypass in safeBins. When sort is enabled in tools.exec.safeBins, the compress-program parameter can be exploited to invoke external helpers and execute unauthorized external programs. This is a LOCAL, high-severity issue with high impact on confi...

The New Era of Application Security: Reasoning-Based Agents, Runtime Reality, and Risk Intelligence

Key Takeaways AI reasoning systems improve vulnerability detection in source code, but do not address the full spectrum of application security risk. Modern application security must account for APIs, runtime environments, and externally exposed assets beyond the source repository. Continuous...

Hunting CUDA Bugs at Scale with cuFuzz

GPUs play an increasingly important role in modern software. However, the heterogeneous host-device execution model and expanding software stacks make GPU programs prone to memory-safety and concurrency bugs that evade static analysis. While fuzz-testing, combined with dynamic error checking tool...

EulerOS 2.0 SP11 : aide (EulerOS-SA-2026-1597)

According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An...

CVE-2026-29776

An integer underflow flaw has been discovered in FreeRDP. A uint32 field is populated from a uint16 data element. This field is later modified without proper checks and in some situations a program crash may occur. Mitigation Mitigation for this issue is either not available or the currently...

Buffer-Overflow-PoC

Buffer Overflow PoC — ret2libc on x86-64 Linux Overview D...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 2, 2026 to March 8, 2026)

Last week, there were 199 vulnerabilities disclosed in 84 WordPress Plugins and 107 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 59 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2.4465

All vulnerabilities documented in this article were resolved in Veeam Backup & Replication 12.3.2.4465. Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program...

Docker Desktop < 4.64.0 CLI Plugin Directory Privilege Escalation (CVE-2025-15558)

The version of Docker Desktop for Windows installed on the remote host is 4.34.x 4.64.0. It is, therefore, affected by a privilege escalation vulnerability. - Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A...

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities...