CVE-2026-23340 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs

In the Linux kernel, the following vulnerability has been resolved: net: sched: avoid qdiscresetalltxgt vs dequeue race for lockless qdiscs When shrinking the number of real tx queues, netifsetrealnumtxqueues calls qdiscresetalltxgt to flush qdiscs for queues which will no longer be used...

Domoticz 跨站脚本漏洞

Domoticz is an open-source smart home system developed by the Domoticz company. This system supports the monitoring and control of various smart home devices. Versions of Domoticz prior to 2026.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Web interface’s...

ANT-2026-HN9XZXJ9 · freerdp · heap

heap-buffer-overflow medium GHSA-mpxh-8fq3-x8mh GHSA-mvpx-xj7r-3p3r GHSA-p6r2-4hgm-m6ff Severity Claude critical · Security research firm medium · Maintainer unknown Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Amendment This was deemed not a vulnerability. Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized interpolatio...

CVE-2026-33475 Langflow GitHub Actions Shell Injection

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...

EUVD-2026-14580

OpenClaw before 2026.3.2 contains a semantic drift vulnerability in node system.run approval hardening that rewrites wrapper command argv, allowing execution of unintended local scripts. Attackers who can influence wrapper argv and place malicious files in the approved working directory can execu...

EUVD-2026-14593

OpenClaw before 2026.3.1 contains an approval bypass vulnerability in system.run where non-path-like argv0 tokens fail to bind executable identity, allowing post-approval executable rebind. Attackers can modify PATH resolution after approval to execute a different binary than the operator approve...

EUVD-2026-14559

OpenClaw before 2026.2.22 contains an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads and bypass intended allowlist restrictions...

OpenClaw OS Command Injection Vulnerability

OpenClaw is an automation tool for executing system commands. A security vulnerability exists in the system.run function in versions of OpenClaw prior to 2026.2.22, which stems from not effectively filtering environment variables such as SHELLOPTS and PS4. An attacker can exploit this vulnerabili...

PT-2026-27428

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow is susceptible to an unauthenticated remote shell injection issue in GitHub Actions workflows. The issue stems from the unsanitized interpolation of GitHub context variables, such as $...

CVE-2026-32910

Rejected reason: This CVE ID has been rejected...

CVE-2026-32901

Rejected reason: This CVE ID has been rejected...

CVE-2026-32047

Rejected reason: This CVE ID has been rejected...

CVE-2026-27183

OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...

CVE-2026-28455

Rejected reason: This CVE ID has been rejected...

CVE-2026-32910

...

CVE-2026-32910

CVE-2026-32910 affects OpenClaw prior to 2026.3.1. The vulnerability is an approval bypass in the system.run flow where non-path-like argv[0] tokens fail to bind executable identity, allowing post-approval executable rebind. Practically, an attacker can modify PATH resolution after approval to ex...

CVE-2026-32047

...

CVE-2026-32047

OpenClaw before 2026.2.22 is affected by an allowlist bypass in system.run . Attackers can bypass shell-wrapper analysis by injecting $\ followed by a newline and ( inside double quotes, folding the payload into $(...) to execute arbitrary subcommands. This is a local, low-complexity issue with l...

EUVD-2026-14555

OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...