23 matches found
CVE-2026-41396
OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory...
CVE-2026-41396 OpenClaw < 2026.3.31 - Environment Variable Override of Plugin Trust Root
OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory...
CVE-2026-41396
OpenClaw is affected prior to version 2026.3.31. Affected: openclaw (npm). Vulnerability: workspace .env files can override OPENCLAW_BUNDLED_PLUGINS_DIR, allowing manipulation of the bundled plugin trust root and undermining plugin trust verification. Impact: attackers with control over workspace...
Security Bulletin: There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-68161)
Summary There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...
GHSA-QCJ9-WWGW-6GM8 OpenClaw: Workspace `.env` can override the bundled plugin trust root
Summary Workspace .env can override the bundled plugin trust root Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: v2026.3.28 still lets workspace .env override OPENCLAW_BUNDLED_PLUGINS_DIR, but critical is too high because exploitation still depends on...
OpenClaw: Workspace `.env` can override the bundled plugin trust root
Summary Workspace .env can override the bundled plugin trust root Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: v2026.3.28 still lets workspace .env override OPENCLAW_BUNDLED_PLUGINS_DIR, but critical is too high because exploitation still depends on...
CLSA-2026-1772644488 Update of ca-certificates
update to CKBI 2.82 from NSS 3.121 - updated certificates: - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Comodo AAA Services root" - Certificate "XRamp Global CA Root" - Certificate "Go Daddy Class 2 CA" - Certificate "Starfield Class...
EUVD-2022-41336
Malicious code in bioql PyPI...
Update of nss
update to CKBI 2.74 from NSS 3.110 - updated certificates: - Certificate "certSIGN ROOT CA" - Certificate "ACCVRAIZ1" - Certificate "Entrust Root Certification Authority - G4" - Certificate "Security Communication ECC RootCA1" - Certificate "BJCA Global Root CA1" - Certificate "BJCA Global Root...
CLSA-2025-1754337533 Update of nss
update to CKBI 2.74 from NSS 3.110 - updated certificates: - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Entrust Root Certification Authority" - Certificate "AffirmTrust Commercial" - Certificate "AffirmTrust Networking" - Certificate "AffirmTrust Premium" - Certificate...
CLSA-2025-1752087242 Update of ca-certificates
update to CKBI 2.74 from NSS 3.110 - updated certificates: - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Entrust Root Certification Authority" - Certificate "AffirmTrust Commercial" - Certificate "AffirmTrust Networking" - Certificate "AffirmTrust Premium" - Certificate...
SUSE-SU-2025:20336-1 Security update for ca-certificates-mozilla
This update for ca-certificates-mozilla fixes the following issues: - test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3 - Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds bsc#1229003 - explicit remove...
Security update for ca-certificates-mozilla
This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: Removed: SwissSign Silver CA - G2 Added: D-TRUST BR Root CA 2 2023 D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs bsc#1234798: Removed: SecureSign RootCA11...
Visteon Infotainment security vulnerability
Visteon Infotainment is an automotive infotainment system from Visteon Corporation USA. A security vulnerability exists in Visteon Infotainment that stems from the lack of a properly configured hardware trust root in the application system-on-chip SoC configuration, which could allow a local...
CLSA-2024-1731001050 Update of nss
update to CKBI 2.70 from NSS 3.104 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "certSIGN ROOT CA" - Certificate "ACCVRAIZ1" - Certificate "OISTE WISeKey Global Root GC CA" - removed certificates: - Certificate "Security Communication Root CA" - Certificate "Camerfirma...
CLSA-2024-1730916322 Update of nss
update to CKBI 2.70 from NSS 3.104 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "certSIGN ROOT CA" - Certificate "ACCVRAIZ1" - Certificate "OISTE WISeKey Global Root GC CA" - removed certificates: - Certificate "Security Communication Root CA" - Certificate "Camerfirma...
CLSA-2024-1730916203 Update of ca-certificates
update to CKBI 2.69 from NSS 3.103 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "OISTE WISeKey Global Root GC CA" - removed certificates: - Certificate "Security Communication Root CA" - Certificate "Camerfirma Chambers of Commerce Root" - Certificate "Chambers of...
CLSA-2024-1730915924 Update of ca-certificates
update to CKBI 2.69 from NSS 3.103 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "OISTE WISeKey Global Root GC CA" - removed certificates: - Certificate "Security Communication Root CA" - Certificate "Camerfirma Chambers of Commerce Root" - Certificate "Chambers of...
CLSA-2024-1730912568 Update of nss
update to CKBI 2.70 from NSS 3.104 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "certSIGN ROOT CA" - Certificate "ACCVRAIZ1" - Certificate "OISTE WISeKey Global Root GC CA" - removed certificates: - Certificate "Security Communication Root CA" - Certificate "Camerfirma...
CLSA-2024-1730910207 Update of ca-certificates
update to CKBI 2.69 from NSS 3.103 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "OISTE WISeKey Global Root GC CA" - removed certificates: - Certificate "Security Communication Root CA" - Certificate "Camerfirma Chambers of Commerce Root" - Certificate "Chambers of...