Lucene search

5 matches found

OSSF Malicious Packages
added 2026/05/26 2:39 p.m., 7 views

Malicious code in pywingui (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6db77876bf3b13e55750748761841f7ab77f17bd951bdc1c749e1e56d4416d7e pywingui 6.0.1 advertises itself as a Win32 UI automation framework but ships only Nuitka-compiled cp311-win32.pyd binaries the 4.py files are trivia...

AI score: 5.8
Exploits: 0, References: 2
EUVD
added 2026/04/24 2:33 p.m., 1 views

EUVD-2026-25440

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store. ccs_mode_store calls xe_gt_reset, which internally invokes xe_pm_runtime_get_noresume. That function requires the caller to already hold an outer runtime PM reference and warns if...

AI score: 5.3, EPSS: 0.00017
Exploits: 0, References: 2
Github Security Blog
added 2026/03/09 7:54 p.m., 2 views

OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions

Summary: Sandboxed requester sessions could reach host-side ACP session initialization through /acp spawn. OpenClaw already blocked sessions_spawn runtime: "acp" from sandboxed sessions, but the slash-command path initialized ACP directly without applying the same host-runtime guard first. Affected...

CVSS: 7.1, AI score: 5.5, EPSS: 0.00015
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2026/03/09 7:54 p.m., 1 views

GHSA-9Q36-67VC-RRWG OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions

Summary: Sandboxed requester sessions could reach host-side ACP session initialization through /acp spawn. OpenClaw already blocked sessions_spawn runtime: "acp" from sandboxed sessions, but the slash-command path initialized ACP directly without applying the same host-runtime guard first. Affected...

CVSS: 6.1, AI score: 5.5, EPSS: 0.00015
Exploits: 0, References: 6
Positive Technologies
added 2023/04/04 12:0 a.m., 4 views

PT-2023-21163 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9. Description: The issue concerns escalation of privileges when failure_mode_allow: true is configured for the ext_authz filter in Envoy, an open source edge and service proxy...

CVSS: 9.8, AI score: 9.2, EPSS: 0.00029
Exploits: 1, References: 13