OpenClaw 输入验证错误漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.5 had a vulnerability related to input validation errors. This vulnerability stemmed from server-side request forgery in the CDP/json/version WebSocket endpoint, which might all...

PT-2026-37474

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Bluetooth L2CAP component fails to perform a key size check when receiving L2CAP LE CONN REQ. This missing validation is contrary to the L2CAP/LE/CFC/BV-15-C requirement, which expec...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a mismatch between the length of elements in servreglocpfrreqei and the reason field, potentially leadi...

PT-2026-37648

Name of the Vulnerable Software and Affected Versions Cisco Unity Connection affected versions not specified Description Insufficient validation of user-supplied input in the web-based management interface allows an authenticated remote attacker to execute arbitrary code as root. This is achieved...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an URB leak in the pvr2sendrequestex function. This vulnerability may lead to the submission of write...

PT-2026-38305

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.6.32 Description A logical flaw in the URL checking logic allows attackers to bypass security filters, leading to Server-Side Request Forgery SSRF. The system uses the validate url function to perform security...

PT-2026-38317

Name of the Vulnerable Software and Affected Versions Playwright Capture affected versions not specified Description Playwright Capture fails to sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page can abuse browser-side redirection...

PT-2026-38309

Name of the Vulnerable Software and Affected Versions MISP modules versions 3.0.7 and earlier Description A Cross-Site Request Forgery CSRF issue in the MISP Modules website allows an attacker to trick an authenticated user into submitting unintended requests to the "/home" endpoint. This occurs...

PT-2026-37520

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the kaweth set rx mode function, which serves as the ndo set rx mode callback. This function incorrectly calls netif stop queue and netif wake queue, which are TX queu...

PT-2026-37354

A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...

PT-2026-38235

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description An incomplete navigation guard allows attackers to trigger navigation without full Server-Side Request Forgery SSRF policy enforcement. SSRF is a flaw where an attacker can force a server to mak...

PT-2026-37429

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A data race exists in the Bluetooth component involving the hdev-req status variable. While hci cmd sync sk modifies this variable under the hdev-req lock, other functions—including hci...

Linux kernel 安全漏洞

The Linux kernel is a product of the Linux Foundation, as is the Linux operating system itself. Other products like “roc” are developed by individual developers. “req” is a simple Go HTTP client that uses Black Magic technology. “ClickHouse” is an open-source product; “ch” is a low-level Go clien...

PT-2026-38319

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.16 Description The bodyLimit function does not reliably enforce the maxSize parameter for requests that lack a usable Content-Length, such as those using Transfer-Encoding: chunked. For these requests, the function...

PT-2026-37418

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreg loc pfr req ei It looks element length declared in servreg loc pfr req ei for reason not matching servreg loc pfr req's reason field due which we could observe decoding error on...

PT-2026-38290

Name of the Vulnerable Software and Affected Versions dssrf versions prior to 1.3.0 Description A flaw in the library allows attackers to bypass Server-Side Request Forgery SSRF protections by using various IPv6 address categories. This occurs because the is url safe function fails to properly...

Netty 注入漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained an injection vulnerability. This vulnerability...

ROS-20260506-73-0044

Vulnerability in erlang related to flaws in http request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden http request http request smuggling attack...

PT-2026-38265

Name of the Vulnerable Software and Affected Versions New API versions 0.11.9-alpha.1 and earlier Description New API, a large language model LLM gateway and artificial intelligence AI asset management system, contains a Server-Side Request Forgery SSRF flaw. This issue occurs due to insufficient...

ROS-20260506-73-0026

Vulnerability in tomcat11 related to flaws in http request handling. Exploitation of the vulnerability may allow a remote attacker to send a hidden http request http request smuggling attack...