CVE-2026-43081

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix GENERICCMD register field masks for IPA v5.0+ Fix the field masks to match the hardware layout documented in downstream GSI GSIV30EEnGSIEEGENERICCMD. Notably this fixes a WARN I was seeing when I tried to send "stop...

PT-2026-37391

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix GENERIC CMD register field masks for IPA v5.0+ Fix the field masks to match the hardware layout documented in downstream GSI GSI V3 0 EE n GSI EE GENERIC CMD . Notably this fixes a WARN I was seeing when I tried to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Only send -ENOTCONN status if the client driver is available. For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if the client driver is available. Otherwise, it will result in a null...

CVE-2026-35667

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the !stop command,...

CVE-2026-35667 OpenClaw < 2026.3.24 - Improper Process Termination via Unpatched killProcessTree in shell-utils.ts

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the !stop command,...

CVE-2026-35667

The CVE-2026-35667 entry concerns OpenClaw prior to version 2026.3.24, describing an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree from shell-utils.ts. This unpatched function issues an immediate SIGKILL (no graceful SIGTERM), enabling a local at...

CVE-2026-35667

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the !stop command,...

EUVD-2026-21480

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the !stop command,...

PT-2026-31978

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the !stop command,...

OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts`

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details Title: Incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in !stop Chat Command via shell-utils.ts Description: Summary The !stop and /bash stop chat command kills background bash processes using SIGKILL directly,...

GHSA-3298-56P6-RPW2 OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts`

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details Title: Incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in !stop Chat Command via shell-utils.ts Description: Summary The !stop and /bash stop chat command kills background bash processes using SIGKILL directly,...

CVE-2011-20002

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.2, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.2. Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This...

CVE-2011-20002

Affected software/hardware: Siemens SIMATIC S7-1200 CPU V1/V2 families (incl. SIPLUS variants). Vulnerability: Capture-replay of engineering software communication that can allow an on-path attacker to replay legitimate commands to the controller. Root cause (from sources): Insecure handling of e...

EUVD-2011-5261

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.2, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.2. Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This...

EUVD-2007-2115

Malware in sbrugna...

CVE-2025-44824

Nagios Log Server before 2024R1.3.2 allows authenticated users with read-only API access to stop the Elasticsearch service via a /nagioslogserver/index.php/api/system/stop?subsystem=elasticsearch call. The service stops even though "message": "Could not stop elasticsearch" is in the API response...

Remotely Stopping Polish Trains

Turns out that its easy to broadcast radio commands that force Polish trains to stop: …the saboteurs appear to have sent simple so-called "radio-stop" commands via radio frequency to the trains they targeted. Because the trains use a radio system that lacks encryption or authentication for those...

Siemens S7-1200 - Unauthenticated Start / Stop Command Vulnerability

Exploit Title: Unauthenticated Siemens S7-1200 CPU Start/Stop Command Exploit Author: RoseSecurity Vendor Homepage: https://www.siemens.com/global/en.html Version: V4.5 and below Tested on: Siemens S7-1200 CPU: 1215C IP == PLC IP address Start Command curl -i -s -k -X $'POST' \ -H $'Host: ' -H...

Adobe Magento App 安全漏洞

Adobe Magento is the United States of America Odobie Adobe company's set of open source PHP e-commerce system . The system provides features such as rights management, search engine and payment gateway. A security vulnerability exists in Create Magento App that stems from the lack of implementati...

Command injection in launchpad

All versions of package launchpad are vulnerable to Command Injection via stop...