Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005505)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005505 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balanc...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005685)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005685 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix warning - do not call blocking ops when !TASKRUNNING vub300enablesdioirq works...

CVE-2026-25590

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...

CVE-2026-25590

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...

CVE-2026-25590 GLPI Inventory Plugin has Reflected XSS in task jobs

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...

CVE-2026-25590

CVE-2026-25590 in the GLPI Inventory Plugin has a reflected XSS vulnerability in task jobs present before version 1.6.6 . The issue allows an attacker to exploit inputs reflected in responses, resulting in confidentiality impact: HIGH while integrity and availability remain unaffected. Exploitati...

CVE-2026-25590 GLPI Inventory Plugin has Reflected XSS in task jobs

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...

CVE-2026-25590 GLPI Inventory Plugin has Reflected XSS in task jobs

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...

GHSA-PJ5X-38RW-6FPH OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation

Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...

OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation

Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...

GHSA-MQR9-VQHQ-3JXW OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Summary OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated gateway.cmd files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task...

OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Summary OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated gateway.cmd files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task...

PT-2026-26221

Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...

GLPI Inventory Plugin 跨站脚本漏洞

GLPI Inventory Plugin is an open-source plugin developed by French company GLPI. It is used to process various types of tasks for the GLPI agent. Versions of the GLPI Inventory Plugin prior to 1.6.6 contained a cross-site scripting vulnerability, which stemmed from reflective cross-site scripts...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005737)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005737 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balanc...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005675)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005675 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring: wait interruptibly for request completions on exit WHen the ring exits, cleanup is done...

PT-2026-26234

Summary OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated gateway.cmd files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task...

CVE-2025-48635

In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48635

CVE-2025-48635 affects Google Android, with a logic error in multiple paths of TaskFragmentOrganizerController.java that leaks an activity token. The vulnerability can enable local elevation of privilege without additional execution privileges and without user interaction. The issue is described ...

CVE-2025-48635

In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...