SUSE-SU-2026:21418-1 Security update for firewalld

This update for firewalld fixes the following issues: - CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations bsc1260903...

Linux Distros Unpatched Vulnerability : CVE-2026-31547

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe: Fix missing runtime PM reference in ccsmodestore ccsmodestore calls xegtreset which internally invokes xepmruntimegetnoresume. That function requires th...

CVE-2026-42429

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway...

CVE-2026-42429 OpenClaw < 2026.4.8 - Privilege Escalation via Gateway Plugin HTTP Authentication

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway...

CVE-2026-42429

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway...

CVE-2026-42429

OpenClaw vulnerability CVE-2026-42429 affects the OpenClaw npm package (openclaw) prior to version 2026.4.8. The gateway plugin HTTP authentication path (auth: gateway) can widen identity-bearing operator.read requests into runtime operator.write permissions, allowing read-scoped requests to gain...

CVE-2026-42429 OpenClaw < 2026.4.8 - Privilege Escalation via Gateway Plugin HTTP Authentication

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway...

EUVD-2026-26131

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that widens identity-bearing operator.read requests into runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway au...

EUVD-2026-26096

OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime...

StellarGroup HPX 安全漏洞

StellarGroup HPX is a high-performance parallel runtime system developed by StellarGroup Corporation. Version 1.11.0 of StellarGroup HPX contains a security vulnerability, which stems from unsafe deserialization of untrusted inputs, potentially allowing attackers to execute arbitrary code...

PT-2026-35807

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that widens identity-bearing operator.read requests into runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway au...

PT-2026-35778

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description An authentication bypass exists where unauthenticated 'plugin-auth' HTTP routes are granted operator runtime write scopes. This allows unauthorized users to access these routes and perform...

AgentWard: A Lifecycle Security Architecture for Autonomous AI Agents

Autonomous AI agents extend large language models into full runtime systems that load skills, ingest external content, maintain memory, plan multi-step actions, and invoke privileged tools. In such systems, security failures rarely remain confined to a single interface; instead, they can propagat...

Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime and IBM SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700

Summary IBM Virtualization Engine TS7700 is susceptible to Denial of Service CVE-2026-21945, Tampering CVE-2026-21932, Information Disclosure CVE-2026-21933, CVE-2026-21925 and Elevation of Privilege CVE-2026-1188 threats due to the use of IBM Semeru Runtime and IBM SDK, Java Technology Edition...

JLSEC-2026-280 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Summary The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. An unauthenticated attacker can set rc.NoAuth=true, which disables the authorization gate for many RC methods registered with...

CVE-2026-40022

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server camel-platform-http-main and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...

EUVD-2026-25807

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server camel-platform-http-main and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...

CVE-2026-40022

CVE-2026-40022 affects Apache Camel Platform HTTP Main: when authentication is enabled and a non-root context path (e.g., /api or /admin) is configured, BasicAuthenticationConfigurer/JWTAuthenticationConfigurer derive the path from properties.getPath() if explicit authenticationPath is not set. C...

SUSE CVE-2026-31683

In the Linux kernel, the following vulnerability has been resolved: batman-adv: avoid OGM aggregation when skb tailroom is insufficient When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packetlen bytes, while a later packet can still ...

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014343)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014343 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: rtsxpci: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its...