PT-2026-37258

Name of the Vulnerable Software and Affected Versions MagicMirror² versions prior to 2.36.0 Description An unauthenticated Server-Side Request Forgery SSRF exists in the '/cors' endpoint, which acts as an open HTTP proxy without authentication or URL validation. This allows remote attackers to...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.2.22 to 2026.4.12 contained security vulnerabilities. These vulnerabilities were due to insufficient detection by the shell wrapper, allowing attackers to inject environment variable...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities were caused by environmental variable injection, allowing malicious workarea.env files to set runtime control...

CVE-2026-42227

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API...

EUVD-2026-27095

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API...

PT-2026-36899

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An authenticated user with a valid API key scoped to variable:list can read variables from projects they are not a member of. This occurs by...

Astra Linux - уязвимость в vim

Vim is vulnerable to use of uninitialized variables...

Astra Linux - уязвимость в linux, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTRTOFLOWKEYS For PTRTOFLOWKEYS, the checkflowkeysaccess function only uses a fixed offset for validation. However, the variable offset ptr isn’t prohibited for this type of pointer. Therefore,...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Since commit 7d5e9737efda "net: rfkill: gpio: get the name and type from device property" rfkillfindtype gets called with the possibly uninitialized "const...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3inittransformrq to initialise buffer to NULL before calling netfsallocfolioqbuffer as netfs assumes it can append to the buffer it is given. Setting it to NULL means it should...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: riscv: A race condition during vmap stack overflow detection has been fixed. Currently, when detecting vmap stack overflow, riscv first switches to the so-called “shadow stack”, and then uses this shadow stack to call...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc in zynqclksetup will return null if the physical memory has run out. As a result, if we use snprintf to write data to the null address, the null...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: soc: xilinx: renaming cpunumber1 to dummycpunumber. The per-process variable cpunumber1 is passed as an argument to xlnxeventhandler along with devid, but it is not used in this function. Therefore, the initialization of this...

Astra Linux - уязвимость в libssh

A vulnerability was discovered in libssh, where an uninitialized variable exists under certain conditions within the privatekeyfromfile function. This flaw can be exploited if the file specified by the filename does not exist, and it may lead to potential signing failures or heap corruption...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2. During the network boot process, when attempting to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the length of the...

Astra Linux - уязвимость в mtr

mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTRPACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries...

Astra Linux - уязвимость в wavpack

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variables. The impact includes unexpected control flow, crashes, and segfaults. The affected component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is a maliciously crafted .wav file. The fixed version is: Afte...

Astra Linux - уязвимость в wavpack

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variables. The impact includes unexpected control flow, crashes, and segfaults. The affected component is ParseCaffHeaderConfig caff.c:486. The attack vector is a maliciously crafted .wav file. The fixed version is after the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed the MMIO write access to an invalid page in i40eclearhw. When the device sends a specific input, an integer underflow can occur, resulting in MMIO write access to an invalid page. This issue can be prevented by changi...