CVE-2026-35632

OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks to append attacker-controlled content to arbitrary files,...

CVE-2026-35632 OpenClaw <= 2026.2.22 - Symlink Traversal via IDENTITY.md appendFile in agents.create/update

OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks to append attacker-controlled content to arbitrary files,...

MAL-2026-2527 Malicious code in sjs-biginteger (npm)

sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...

Malicious code in sjs-lint-build1 (npm)

sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...

PT-2026-31796

Name of the Vulnerable Software and Affected Versions Juniper Networks Apstra versions prior to 6.1.1 Description A Key Exchange without Entity Authentication issue exists in the SSH implementation of Juniper Networks Apstra. This allows an unauthenticated, man-in-the-middle MITM attacker to...

Juniper Networks Apstra 安全漏洞

Juniper Networks Apstra is a data center network automation and intent-driven management platform developed by Juniper Networks. Versions of Juniper Networks Apstra prior to 6.1.1 contained security vulnerabilities, which were due to insufficient SSH host key verification. These vulnerabilities...

PT-2026-31607

Disclosure from our research team at Pentest-Tools.com "It's just dev mode" is doing a lot of heavy lifting here. FuelCMS has no enforced access control on the add git submodule installer function. Dev mode on, git over SSH enabled, a valid .git directory in the root: any authenticated user can...

PT-2026-31767

Name of the Vulnerable Software and Affected Versions OpenClaw versions through 2026.2.22 Description OpenClaw through version 2026.2.22 has a symlink traversal issue in the agents.create and agents.update handlers. These handlers use fs.appendFile on IDENTITY.md without proper symlink containmen...

Important: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

CVE-2026-35452

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...

CVE-2026-22682

OpenHarness CVE-2026-22682 affects the built-in file tools. The root cause is inconsistent parameter handling in permission enforcement, specifically that the path parameter is not passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools. This allows attackers ...

CVE-2025-14821

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

CVE-2026-4631

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

rsync security update

3.4.1-2.2 - Resolves: RHEL-152885 - CVE-2025-10158 Out of bounds array access via negative index 3.4.1-2.1 - Resolves: RHEL-152878 - clearing DISPLAY breaks SSHASKPASS expectations...

PT-2026-30900

Name of the Vulnerable Software and Affected Versions libssh affected versions not specified Description A flaw exists in libssh that allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information. This poses a risk to the...

CVE-2026-35452 WWBN AVideo has Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...

EUVD-2026-19353

Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a...

How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers

The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In March 2026, the TeamPCP threat actor proved just how...

Malicious code in nerite-security-audit (npm)

Collects and exfiltrates sensitive data env vars, SSH keys, keystores, history via HTTPS and DNS. Suspicious domain and disabled SSL validation. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87776a4e480d244c862e76238cd498aa49bd919403dad6de21a85326d6b451ed The...

Oracle Linux 9 : openssh (ELSA-2026-6462)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-6462 advisory. 8.7p1-48.0.1 - Upstream references found with /usr/bin/ssh Orabug: 37814929 - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand Orabug:...