Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the azureauthextension method. An attacker can gain unauthorized access to telemetry ingestion endpoints by replaying a valid Azure access token for any scope the configured identity c...

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the gateway process. An attacker can modify sensitive configuration paths and persist unsafe changes that cross security boundaries by leveraging model-driven...

OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes

Summary The agent-facing gateway tool protects config.apply and config.patch with a model-to-operator trust boundary. That guard used a hand-maintained denylist of protected config paths. The config schema outgrew that denylist, leaving sensitive subtrees writable through model-driven gateway...

Security update for docker

This update for docker fixes the following issues: Update to Docker 28.2.2-ce bsc1243833, bsc1242114: CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration.bsc1239765 CVE-2025-22872:...

SUSE SLES12 Security Update : docker-stable (SUSE-SU-2025:1344-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:1344-1 advisory. - CVE-2025-0495: buildx: Fixed credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from...