3699 matches found
CVE-2026-27100
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds,...
CVE-2026-23228
CVE-2026-23228 is an issue in the Linux kernel SMB server (ksmbd) where, on ksmbd_tcp_new_connection() failure, free_transport() did not decrement active_num_conn, leaking the counter. This occurs in the kthread_run() path during transport cleanup. The documented fix replaces free_transport() wi...
SUSE CVE-2026-23140
In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Subtract size of xdp_frame from allowed metadata size. The xdp_frame structure takes up part of the XDP frame headroom, limiting the size of the metadata. However, in bpf_test_run, we don't take this into account, which...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-3669 / CVE-2026-27099 Stored XSS vulnerability in node offline cause description Medium SECURITY-3658 / CVE-2026-27100 Build information disclosure vulnerability through Run Parameter...
PT-2026-20434
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.550 and earlier; Jenkins LTS versions 2.541.1 and earlier. Description: The software allows access to information about jobs, builds, and build display names even when a user does not have permission to view them. This occurs...
OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals
Summary: A mismatch between rawCommand and command in the node host system.run handler could cause allowlist/approval evaluation to be performed on one command while executing a different argv. Affected Configurations: This only impacts deployments that: - Use the node host / companion node executi...
Incorrect Authorization
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via system.run. An attacker can bypass allowlist enforcement and approval prompts by supplying an allowlisted rawCommand while providing a different command argume...
PT-2026-20492
Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.2.13 and earlier. Description: An allowlist bypass exists in the OpenClaw npm package. This flaw causes a mismatch between the commands that are verified and the commands that are actually executed, potentially leading to...
PT-2026-8349
Name of the Vulnerable Software and Affected Versions: kalcaddle kodbox versions up to 1.64.05. Description: A flaw exists in kalcaddle kodbox that allows for operating system command injection. This occurs through manipulation of the localFile argument within the run function of the...
Linux Distros Unpatched Vulnerability : CVE-2026-23140
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf, test_run: Subtract size of xdp_frame from allowed metadata size. The xdp_frame structure takes up part of the XDP frame headroom, limiting the size of the...
Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging
Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System (DNS) lookup to retrieve the next-stage payload. Specifically, the attack relies on using the "nslooku...
CVE-2026-23140
In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Subtract size of xdp_frame from allowed metadata size. The xdp_frame structure takes up part of the XDP frame headroom, limiting the size of the metadata. However, in bpf_test_run, we don't take this into account, which...
UBUNTU-CVE-2026-23140
In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Subtract size of xdp_frame from allowed metadata size. The xdp_frame structure takes up part of the XDP frame headroom, limiting the size of the metadata. However, in bpf_test_run, we don't take this into account, which...
EUVD-2026-5897
In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Subtract size of xdp_frame from allowed metadata size. The xdp_frame structure takes up part of the XDP frame headroom, limiting the size of the metadata. However, in bpf_test_run, we don't take this into account, which...
CVE-2026-23140 bpf, test_run: Subtract size of xdp_frame from allowed metadata size
In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Subtract size of xdp_frame from allowed metadata size. The xdp_frame structure takes up part of the XDP frame headroom, limiting the size of the metadata. However, in bpf_test_run, we don't take this into account, which...