CVE-2026-32013

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

CVE-2026-32693

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret...

CVE-2026-32746

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC Set Local Characters suboption handler because addslc does not check whether the buffer is full...

CVE-2026-27522

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

CVE-2026-4492

A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function setqosMiblist of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-4008

A flaw has been found in Tenda W3 1.0.0.32204. This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotel...

CVE-2026-4163

A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit...

CVE-2026-4491

A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public a...

CVE-2026-4486

A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime results in stack-based buffer overflow. The attack may be performed from remote. The explo...

netfilter: nft_set_pipapo: split gc into unlink and reclaim phase

...

smb: client: Don't log plaintext credentials in cifs_set_cifscreds

...

CVE-2026-4840 Netcore Power 15AX Diagnostic Tool netis.cgi setTools os command injection

A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Performing a manipulation of the argument IpAddr results in os command injection. Remote exploitation ...

CVE-2026-4840

A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Performing a manipulation of the argument IpAddr results in os command injection. Remote exploitation ...

libpng 资源管理错误漏洞

Libpng is an open-source PNG reference library developed by The PNG Development Group, which allows for the creation, reading, and other operations on PNG graphic files. Versions of Libpng prior to 1.6.55 contained a resource management vulnerability. This vulnerability stemmed from aliases and...

CVE-2026-23385

A flaw was found in the Linux kernel's netfilter nftables component. A local or privileged user could trigger a failing memory allocation during a set flush operation. This vulnerability, related to how nftables handles set cloning, can lead to a kernel warning WARN splat, potentially causing...

AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification

Summary The plugin/Permissions/setPermission.json.php endpoint accepts GET parameters for a state-changing operation that modifies user group permissions. The endpoint has no CSRF token validation, and the application explicitly sets session.cookiesamesite=None on session cookies. This allows an...

GHSA-G8X9-7MGH-7CVJ AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification

Summary The plugin/Permissions/setPermission.json.php endpoint accepts GET parameters for a state-changing operation that modifies user group permissions. The endpoint has no CSRF token validation, and the application explicitly sets session.cookiesamesite=None on session cookies. This allows an...

SUSE CVE-2026-23333

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2026-23351

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Under a large number of expired elements, commit-time GC can run for a very long time in a non-preemptible...

SUSE CVE-2026-23371

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUEREPLENISH during PI de-boosting Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs edited. sched: DL de-boosted task PID 22725: REPLENISH fla...