PT-2026-21020

Name of the Vulnerable Software and Affected Versions Sync-in Server versions prior to 1.9.3 Description A Stored Cross-Site Scripting XSS issue exists in Sync-in Server. An authenticated attacker can execute arbitrary JavaScript in a victim’s browser. This is achieved by uploading a crafted SVG...

Azure File Sync Agent v22.1 Release – February 2026 (KB5080681)

Update Rollup for Azure File Sync agent version 22.1.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v22.1 Release – February 2026 (KB5080681)

Update Rollup for Azure File Sync agent version 22.1.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v22.1 Release – February 2026 (KB5080681)

Update Rollup for Azure File Sync agent version 22.1.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v22.1 Release – February 2026 (KB5080681)

Update Rollup for Azure File Sync agent version 22.1.0.0. For more details, see the associated Microsoft Knowledge Base article...

CVE-2026-27056

Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through = 3.2.8...

CVE-2026-27056 WordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through = 3.2.8...

CVE-2026-27056

The CVE-2026-27056 entry concerns the WordPress plugin StellarWP iThemes Sync (WordPress) with a Broken/Missing Authorization vulnerability in its access control. Affected software: iThemes Sync plugin versions up to and including 3.2.8. Root cause inferred from descriptions: misconfigured access...

CVE-2026-27056 WordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through = 3.2.8...

PT-2026-20762

Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through = 3.2.8...

WordPress plugin iThemes Sync 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

OpenClaw: Prevent shell injection in macOS keychain credential write

Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...

GHSA-4564-PVR2-QQ4H OpenClaw: Prevent shell injection in macOS keychain credential write

Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...

[SECURITY] Fedora 43 Update: rsync-3.4.1-5.fc43

Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...

CLSA-2026-1771081379 kernel: Fix of 76 CVEs

HID: core: ensure the allocated report buffer can contain the reserved report ID CVE-2025-38495 - fs/proc: fix uaf in procreaddirde CVE-2025-40271 - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer CVE-2025-40269 - Bluetooth: ISO: Fix possible UAF on isoconnfree CVE-2025-40141 -...

OESA-2026-1339 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call mdreapsyncthread directly Currently mdreapsyncthread is called from raidmessage directly without holding 'reconfigmutex', this is definite...

OESA-2026-1337 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call mdreapsyncthread directly Currently mdreapsyncthread is called from raidmessage directly without holding 'reconfigmutex', this is definite...

QNAP Qsync Central 安全漏洞

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a security vulnerability caused by relative path traversal, which could lead to the reading of unexpected files or syste...

CVE-2026-0652

On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cau...

CVE-2026-0653

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...