OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions

Summary Sandboxed requester sessions could reach host-side ACP session initialization through /acp spawn. OpenClaw already blocked sessionsspawn runtime: "acp" from sandboxed sessions, but the slash-command path initialized ACP directly without applying the same host-runtime guard first. Affected...

CVE-2026-23086

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: cap TX credit to local buffer size The virtio transports derives its TX credit directly from peerbufalloc, which is set from the remote endpoint's SOVMSOCKETSBUFFERSIZE value. On the host side this means that the...

CLSA-2025-1766657780 Fix CVE(s): CVE-2025-1181

SECURITY UPDATE: memory corruption when processing relocations for ELF files - debian/patches/CVE-2025-1181.patch: prevent illegal memory access when checking relocs in a corrupt ELF binary - CVE-2025-1181...

PT-2025-47506

Name of the Vulnerable Software and Affected Versions Rallly versions prior to 4.5.4 Description An insecure direct object reference IDOR issue exists in Rallly, allowing authenticated users to delete arbitrary participants from polls without proper ownership verification. The issue stems from th...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989647 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on totaldatablocks As Yanming reported in bugzilla:...

CVE-2025-38477

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix race condition on qfqaggregate A race condition can occur when 'agg' is modified in qfqchangeagg called during qfqenqueue while other threads access it concurrently. For example, qfqdumpclass may trigger a...

CVE-2025-47777

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution RCE via unsafe...

Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields

Summary field.isFilterable access control can be bypassed in update and delete mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a where clause with multiple...

Unsound usages of `Vec::from_raw_parts`

The library provides a public safe API transmutevecasbytes, which incorrectly assumes that any generic type T could have stable layout, causing to uninitialized memory exposure if the users pass any types with padding bytes as T and cast it to u8 pointer. In the issue, we develop a PoC to show...

SUSE-SU-2018:2093-1 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1)

This update for the Linux Kernel 3.12.74-606485 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data fro...