28871 matches found
CVE-2026-21536
Microsoft Devices Pricing Program Remote Code Execution Vulnerability...
CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability
CVE-2026-27748
Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point...
CVE-2026-27749
Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\ProgramData using .NET BinaryFormatter without...
CVE-2026-27748
CVE-2026-27748 relates to Avira Internet Security’s Software Updater. The vulnerability stems from improper link resolution: a SYSTEM‑level updater process may delete a file under C:\ProgramData by following symbolic links or reparse points, allowing a local attacker to redirect the delete to an ...
EUVD-2026-9718
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dixon dixon allows PHP Local File Inclusion. This issue affects Dixon: from n/a through = 1.4.2.1...
EUVD-2026-9568
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LaunchandSell Tribe tribe allows PHP Local File Inclusion. This issue affects Tribe: from n/a through = 1.7.3...
CVE-2026-28019
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Manoir manoir allows PHP Local File Inclusion. This issue affects Manoir: from n/a through = 1.11...
PT-2026-23366
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Coleo coleo allows PHP Local File Inclusion. This issue affects Coleo: from n/a through = 1.1.7...
PT-2026-23569
Name of the Vulnerable Software and Affected Versions: Microsoft Devices Pricing Program, affected versions not specified. Description: A remote code execution issue exists in the Microsoft Devices Pricing Program. The issue allows for code execution. Recommendations: At the moment, there is no...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005624)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005624 advisory. In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's run_bpf_prog. Fix fout being fopen'ed but then not subsequently...
KLA90912 ACE vulnerability in Microsoft Device
A remote code execution vulnerability was found in Microsoft Devices Pricing Program. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-21536 Exploitation CVE list CVE-2026-21536 critical Solution Install necessary updates from the KB section,...
PT-2026-23357
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Conquerors conquerors allows PHP Local File Inclusion. This issue affects Conquerors: from n/a through = 1.2.13...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005539)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005539 advisory. In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket. When using a BPF progr...
GHSA-4GC7-QCVF-38WG In OpenClaw, manually adding sort to tools.exec.safeBins could bypass allowlist approval via --compress-program
Summary: This issue applies to a non-default configuration only. If sort is manually added to tools.exec.safeBins, OpenClaw could treat sort --compress-program= as valid safe-bin usage. In security=allowlist + ask=on-miss, this could satisfy allowlist checks and skip operator approval, while GNU...
Incomplete List of Disallowed Inputs
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the --compress-program flag in the sort process when sort is manually added to the tools.exec.safeBins configuration. An attacker can execute...
In OpenClaw, manually adding sort to tools.exec.safeBins could bypass allowlist approval via --compress-program
Summary: This issue applies to a non-default configuration only. If sort is manually added to tools.exec.safeBins, OpenClaw could treat sort --compress-program= as valid safe-bin usage. In security=allowlist + ask=on-miss, this could satisfy allowlist checks and skip operator approval, while GNU...