
121430 matches found

ATTACKERKB
added 2026/05/06 6:47 a.m. | 4 views

CVE-2026-7841

A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...

CVSS 8.8 | AI score 6.7 | EPSS 0.00593
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/06 6:47 a.m. | 15 views

CVE-2026-7841

GV-ASWeb 6.2.0 contains a remote code execution via the ASWebCommon.srf backend when an authenticated user with System Setting permissions sends a crafted HTTP POST to bypass frontend restrictions. CVSSv3.1: 8.8 (HIGH), AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Exploitation status is not provided in t...

CVSS 8.8 | AI score 6.7 | EPSS 0.00593
Exploits: 0 | References: 1

Cvelist
added 2026/05/06 6:47 a.m. | 30 views

CVE-2026-7841 GV-ASWeb Remote Code Execution (RCE) vulnerability

A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...

CVSS 8.8 | EPSS 0.00593
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/06 6:22 a.m. | 5 views

CVE-2026-35253

Vulnerability in the Oracle Macaron Tool product of Oracle Open Source Projects. The supported version that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this...

CVSS 4.7 | AI score 5.8 | EPSS 0.00147
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/05/06 3:33 a.m. | 4 views

GHSA-3C93-G9G6-P5J4 Velocidex Velociraptor has an authorization bypass vulnerability

An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

CVSS 5 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 3

SUSE CVE
added 2026/05/06 1:43 a.m. | 9 views

SUSE CVE-2026-31720

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_uac1_legacy: validate control request size. f_audio_complete() copies req->length bytes into a 4-byte stack variable: u32 data = 0; memcpy(&data, req->buf, req->length); req->length is derived from the host-controlled USB reque...

CVSS 7.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0 | References: 4

SUSE CVE
added 2026/05/06 1:42 a.m. | 7 views

SUSE CVE-2026-31763

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Fix incorrect free_irq() variable. The handler for the IRQ part of this driver is mpu3050->trig but, in the teardown, free_irq() is called with handler mpu3050. Use correct IRQ handler when calling free_irq()...

CVSS 5.5 | AI score 5.7 | EPSS 0.00123
Exploits: 0 | References: 4

SUSE CVE
added 2026/05/06 1:41 a.m. | 4 views

SUSE CVE-2026-42091

goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler httpserver/updown.go lacks the CSRF token validation that was added to the POST upload handler during the CVE-2026-40883 fix. Combined with the unconditional Access-Control-Allow-Origin: on the OPTIONS...

CVSS 6.5 | AI score 5.9 | EPSS 0.00165
Exploits: 1 | References: 3

CNNVD
added 2026/05/06 12:00 a.m. | 7 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from incomplete navigation protection, which could allow attackers to bypass SSRF policies and perform...

CVSS 7.7 | AI score 5.8 | EPSS 0.00264
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/06 12:00 a.m. | 9 views

PT-2026-37618

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: Stale rq->bio values in request-based device-mapper targets can cause double-initialization of cloned bios. This leads to use-after-free and double-free scenarios. For instance, when usin...

CVSS 7.8 | AI score 5.8 | EPSS 0.00117
Exploits: 0 | References: 21

CNNVD
added 2026/05/06 12:00 a.m. | 8 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from concurrent access to the hdev->req_status field without using the READ_ONCE/WRITE_ONCE annotation,...

CVSS 5.5 | AI score 5.8 | EPSS 0.00114
Exploits: 0 | References: 1

CNNVD
added 2026/05/06 12:00 a.m. | 10 views

Masa CMS cross-site request forgery vulnerability

Masa CMS is a digital experience platform operated by Masa CMS organization. Versions of Masa CMS 7.5.2 and earlier contained a cross-site request forgery vulnerability. This vulnerability stemmed from the cUsers.updateAddress function not properly verifying the anti-CSRF token, allowing attacke...

CVSS 7.1 | AI score 5.7 | EPSS 0.00165
Exploits: 0 | References: 2

CNNVD
added 2026/05/06 12:00 a.m. | 10 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from manipulating the TX queue in the kaweth_set_rx_mode function. This vulnerability may lead to the...

CVSS 7.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0 | References: 1

CVE
added 2026/05/06 12:00 a.m. | 20 views

CVE-2026-34474

CVE-2026-34474 affects ZTE ZXHN H298A (1.1) and H108N (2.6) routers. A crafted request to the device’s web interface can cause a sensitive-data exposure, potentially returning the administrator password and WLAN PSK, which could enable authentication bypass and wireless/network compromise. Some f...

CVSS 7.5 | AI score 5.8 | EPSS 0.24681
Exploits: 3 | References: 3

Positive Technologies
added 2026/05/06 12:00 a.m. | 7 views

PT-2026-38231

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.5. Description: A server-side request forgery (SSRF) issue exists in the CDP "/json/version" WebSocket endpoint. The webSocketDebuggerUrl response field is not properly validated, which allows attackers to redirec...

CVSS 7.7 | AI score 5.9 | EPSS 0.00265
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/06 12:00 a.m. | 9 views

PT-2026-37563

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the pvrusb2 media component where the pvr2_send_request_ex function fails to handle a scenario where a write USB Request Block (URB)—a data structure used for USB...

CVSS 5.5 | AI score 5.8 | EPSS 0.00128
Exploits: 0 | References: 54

CNNVD
added 2026/05/06 12:00 a.m. | 7 views

Masa CMS cross-site request forgery vulnerability

Masa CMS is a digital experience platform organized by Masa CMS. Versions of Masa CMS 7.5.2 and earlier contained a cross-site request forgery vulnerability. This vulnerability stemmed from the cTrash.empty function not verifying the anti-CSRF token, which could allow attackers to induce...

CVSS 7.2 | AI score 5.7 | EPSS 0.00165
Exploits: 0 | References: 2

CNNVD
added 2026/05/06 12:00 a.m. | 7 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the libertas driver failing to ensure that the URB transmission is completed within the usbtxbloc...

CVSS 5.5 | AI score 5.8 | EPSS 0.00128
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/06 12:00 a.m. | 17 views

PT-2026-37626

Name of the Vulnerable Software and Affected Versions: Gazelle versions prior to 0.50. Description: Improper header precedence allows HTTP Request Smuggling. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present in an HTTP request,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00319
Exploits: 0 | References: 10

CNNVD
added 2026/05/06 12:00 a.m. | 9 views

OpenClaw code issue vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that can be exploited by an attacker to gain unauthorized access to internal resources by providing a malicious photo URL to the Zalo Bot API to bypass SSRF...

CVSS 8.6 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 1