7921 matches found
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013266)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013266 advisory. An issue was discovered in sunxidivsclksetup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derivedname, which...
PT-2026-36921
Name of the Vulnerable Software and Affected Versions Nginx UI versions 2.0.0 through 2.3.7 Description An unauthenticated network attacker can claim the initial administrator account on a fresh instance during the first-run setup window. The public endpoint "/api/install" is accessible without...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013309)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013309 advisory. In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10run, if setupconf succeed and raid10run failed befor...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013098)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013098 advisory. In the Linux kernel, the following vulnerability has been resolved: nfs4setupreaddir: insufficient locking for -dparent-dinode dereferencing Theoretically it's an...
CVE-2026-41295
OpenClaw OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability where untrusted workspace channel shadows could execute during built-in channel setup and login. An attacker could clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-p...
CVE-2026-41295 OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during Built-in Channel Setup
OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...
EUVD-2026-23999
OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...
CVE-2026-41295
OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...
CVE-2026-40045
OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials...
CVE-2026-40045 OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway Endpoints
OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials...
Malicious code in cycode-dev (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 af035661f0964977015279eeceb2e380bf8b525463d4a099d85eab7b4ea8a71b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2957 Malicious code in cycode-dev (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 af035661f0964977015279eeceb2e380bf8b525463d4a099d85eab7b4ea8a71b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
PT-2026-33717
The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed for example in multisite setup...
PT-2026-33859
OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials...
Malicious code in rblx-studio-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0984290664d514183109c836bea6a2bda03e33f89563accc6c79a51e281688f8 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2863 Malicious code in rblx-studio-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0984290664d514183109c836bea6a2bda03e33f89563accc6c79a51e281688f8 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in robase-setup (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3fcd831a04f3c23efde7a365717e715cec5c6fb5211d26e5d76ace539abb06bc During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2864 Malicious code in robase-setup (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3fcd831a04f3c23efde7a365717e715cec5c6fb5211d26e5d76ace539abb06bc During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2860 Malicious code in mylib-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8cc746751844570c4d9de0acc1fc4aba45c1316434c664fc70711749720f88f1 During import, a remote executable is automatically started. During analysis, the executable only showed a basic message. It's likely experimenting with...
Malicious code in rblx-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 be690c2f32ad941003f8733406643848380c3918af421fa56c8ec0802b9c261d During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...