14 matches found

RedhatCVE
added 2026/05/06 8:21 p.m., 3 views

CVE-2026-34459

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox escape. First, when a sandboxed process sends an IPC request...

CVSS 8.8 | AI score 6.1 | EPSS 0.00013
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/05 7:27 p.m., 1 view

CVE-2026-34459

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox escape. First, when a sandboxed process sends an IPC request...

CVSS 8.8 | AI score 6.1 | EPSS 0.00013
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/05/05 12:0 a.m., 2 views

PT-2026-37226

Name of the Vulnerable Software and Affected Versions: Sandboxie-Plus versions prior to 1.17.3. Description: The SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains an information leak and a stack buffer overflow. An information leak occurs when a sandboxed process sends an IPC reque...

CVSS 8.8 | AI score 6.1 | EPSS 0.00013
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/24 12:0 a.m., 2 views

PT-2026-34977

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A NULL pointer dereference exists in the alps raw event function within the hid-alps driver. This occurs because the driver fails to properly check if it has been claimed correctly befor...

CVSS 9.8 | AI score 5.8 | EPSS 0.00102
Exploits: 0 | References: 73

Vulnrichment
added 2026/04/10 4:3 p.m., 3 views

CVE-2026-35655 OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution

OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...

CVSS 6.9 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/10 12:0 a.m., 0 views

PT-2026-31966

OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...

CVSS 6.9 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 5

Snyk
added 2026/03/26 9:46 p.m., 0 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the ACP permission resolution process. An attacker can bypass security prompting by providing conflicting tool identity hints in rawInput and metadata, which c...

CVSS 8.2 | AI score 5.9 | EPSS 0.00046
Exploits: 0 | References: 3

Github Security Blog
added 2026/03/26 9:46 p.m., 2 views

OpenClaw's Conflicting Tool Identity Hints Bypass Dangerous-Tool Prompting

Summary: ACP permission resolution trusted conflicting tool identity hints from rawInput and metadata, which could suppress dangerous-tool prompting. Affected Packages / Versions: Package: openclaw npm; Affected: = 2026.3.22; Latest released tag checked: v2026.3.23-2...

CVSS 6.9 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 6 | Affected Software: 1

Positive Technologies
added 2026/02/18 12:0 a.m., 3 views

PT-2026-20513

Name of the Vulnerable Software and Affected Versions: MajorDoMo, affected versions not specified. Description: MajorDoMo contains a stored cross-site scripting (XSS) issue through the /objects/?op=set API endpoint. This endpoint is intentionally unauthenticated for integration with IoT device...

CVSS 7.2 | AI score 5.1 | EPSS 0.00047
Exploits: 1 | References: 6

CVE
added 2025/12/18 9:15 p.m., 5 views

CVE-2025-34450

The CVE-2025-34450 entry affects merbanan/rtl_433 up to version 25.02 and before commit 25e47f8. The root cause is a stack-based buffer overflow in parse_rfraw() located in src/rfraw.c when processing crafted or oversized raw RF input, leading to memory corruption or a crash. Impact is described ...

CVSS 7.8 | AI score 6.9 | EPSS 0.0003
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2024/09/09 12:53 p.m., 0 views

USN-6841-2 php7.0, php7.2 vulnerability

USN-6841-1 fixed a vulnerability in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that PHP could early return in the filter_var function resulting in invalid user information being treated as valid user...

CVSS 5.3 | AI score 6.7 | EPSS 0.03579
Exploits: 1 | References: 2

OSV
added 2024/06/19 11:13 a.m., 0 views

USN-6841-1 php7.4, php8.1, php8.2, php8.3 vulnerability

It was discovered that PHP could early return in the filter_var function resulting in invalid user information being treated as valid user information. An attacker could possibly use this issue to expose raw user input information...

CVSS 5.3 | AI score 6.7 | EPSS 0.03579
Exploits: 1 | References: 2

RedhatCVE
added 2024/06/12 12:48 a.m., 36 views

CVE-2024-5458

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being...

CVSS 5.3 | AI score 5.6 | EPSS 0.03579
Exploits: 1 | References: 4

Code423n4
added 2023/12/08 12:0 a.m., 13 views

Incorrect Decimals Conversion in Curve2PoolAdapter::primitiveOutputAmount Function

Lines of code / Vulnerability details / Impact: The bug in the primitiveOutputAmount function can lead to incorrect decimal conversions when calculating the rawInputAmount. The rawInputAmount is calculated using the convertDecimals function, but the decimals parameter passed to convertDecimals is...

AI score 7.2
Exploits: 0