CVE-2026-23283 regulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read()

In the Linux kernel, the following vulnerability has been resolved: regulator: fp9931: Fix PM runtime reference leak in fp9931hwmonread In fp9931hwmonread, if regmapread failed, the function returned the error code without calling pmruntimeputautosuspend, causing a PM reference leak...

SUSE CVE-2026-27819

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...

SUSE CVE-2026-28789

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin's OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

SUSE CVE-2026-29042

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...

PT-2026-28151

Name of the Vulnerable Software and Affected Versions crun versions 1.19 through 1.26 Description crun, an open source OCI Container Runtime written in C, has an issue where the crun exec option -u --user is incorrectly parsed. Specifically, a value of 1 is misinterpreted as UID 0 and GID 0 inste...

Linux Distros Unpatched Vulnerability : CVE-2026-23362

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: bcm: fix locking for bcmop runtime updates Commit c2aba69d0c36 can: bcm: add locking for bcmop runtime updates added a locking for some variables that can ...

EUVD-2026-14784

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...

CVE-2026-3509

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...

CVE-2025-41660

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...

SUSE-SU-2026:20830-1 Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues The following security issues were fixed: - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path bsc1256644. - CVE-2025-71085: ipv6: BUG in pskbexpandhead as part of calipsoskbuffsetattr...

Developing a minimally HashDoS resistant, yet quickly reversible integer hash for V8

Developing a minimally HashDoS resistant, yet quickly reversible integer hash for V8 What happens when a hashing scheme needs to be both HashDoS resistant and quickly reversible? That's the puzzle we tried to solve for addressing CVE-2026-21717 in the March 2026 Node.js security release. This led...

CODESYS Control runtime system 安全漏洞

CODESYS Control runtime system is a control system runtime software developed by the German company CODESYS. It enables the execution of control logic for industrial automation devices. There is a security vulnerability in CODESYS Control runtime system. This vulnerability arises from the...

CODESYS Control runtime system 格式化字符串错误漏洞

CODESYS Control runtime system is a control system runtime software developed by the German company CODESYS. It enables the execution of control logic for industrial automation devices. There is a vulnerability in the CODESYS Control runtime system related to formatted string errors. This...

PT-2026-27350

Name of the Vulnerable Software and Affected Versions CODESYS Control Runtime System affected versions not specified Description A remote attacker with limited privileges may be able to replace the boot application of the CODESYS Control runtime system. Successful exploitation could lead to...

CVE-2026-27646

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat conte...

CVE-2026-27646 OpenClaw < 2026.3.7 - Sandbox Escape via /acp spawn Command

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat conte...

CVE-2026-27646

OpenClaw Open Source project is vulnerable to a sandbox-escape in the /acp spawn path prior to version 2026.3.7. A sandboxed session could reach host-side ACP runtime initialization via the /acp spawn command, bypassing sandbox restrictions and potentially enabling host-context ACP initialization...

CVE-2026-27646

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat conte...

EUVD-2026-14557

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat conte...

CVE-2026-27646 OpenClaw < 2026.3.7 - Sandbox Escape via /acp spawn Command

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat conte...