4559 matches found

Debian CVE
added 2026/04/09 6:43 p.m., 3 views

CVE-2026-34946

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a vulnerability where the compilation of the table.fill instruction can result in a host panic. This means that a valid guest can be compiled with Winch, on any architecture...

CVSS 7.5, AI score 5.4, EPSS 0.00358
Exploits: 0

vulnersOsv
added 2026/04/09 6:31 p.m., 5 views

org.apache.activemq:activemq-http (>=6.0.0 <=6.2.3), org.apache.activemq:activemq-karaf (>=6.0.0 <=6.2.3) +4 more potentially affected by CVE-2025-66168 +1 more via org.apache.activemq:activemq-mqtt (>=6.0.0 <=6.2.3)

org.apache.activemq:activemq-mqtt MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.3 Source cves: CVE-2025-66168, CVE-2026-40046 Source advisory: OSV:GHSA-XVQC-PP94-FMPX...

CVSS 8.8, AI score 6, EPSS 0.0078
Exploits: 0

vulnersOsv
added 2026/04/09 5:37 p.m., 5 views

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +22 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.4.5)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15989073...

AI score 5.5
Exploits: 0

vulnersOsv
added 2026/04/09 5:37 p.m., 6 views

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +22 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.4.5)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15989072...

AI score 5.5
Exploits: 0

vulnersOsv
added 2026/04/09 5:37 p.m., 6 views

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +23 more potentially affected by unknown CVE via openclaw (>=0.0.1 <=2026.4.5)

openclaw NPM version =0.0.1, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W9J9-W4CP-6WGR...

AI score 5.5
Exploits: 0

NVD
added 2026/04/09 4:16 p.m., 3 views

CVE-2026-34020

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact. This issue affects Apache OpenMeetings: from 3.1.3...

CVSS 7.5, EPSS 0.00509
Exploits: 0, References: 3

vulnersOsv
added 2026/04/09 2:22 p.m., 2 views

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +22 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.4.5)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15989065...

AI score 5.5
Exploits: 0

CNNVD
added 2026/04/09 12:0 a.m., 3 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Version 2026.3.11 to 2026.3.24 of OpenClaw contains security vulnerabilities. These vulnerabilities stem from session isolation bypass, which may lead to sessions being blocked from access...

CVSS 7.1, AI score 5.8, EPSS 0.00259
Exploits: 0, References: 3

NVD
added 2026/04/08 11:17 p.m., 3 views

CVE-2026-5173

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control...

CVSS 8.5, EPSS 0.00396
Exploits: 0, References: 2

NVD
added 2026/04/08 9:17 p.m., 3 views

CVE-2026-39892

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers e.g. Hash.update, this could lead to buffer overflows. This vulnerability is fixed in...

CVSS 9.8, EPSS 0.00525
Exploits: 0, References: 2

NVD
added 2026/04/08 7:25 p.m., 1 view

CVE-2026-35407

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given...

CVSS 6.5, EPSS 0.00294
Exploits: 0, References: 6

IBM Security Bulletins
added 2026/04/08 2:13 p.m., 4 views

Security Bulletin: Security vulnerability has been detected in IBM Security Verify Directory (Container) (CVE-2025-36074)

Summary: Security vulnerability has been addressed in IBM Security Verify Directory Container. Vulnerability Details: CVEID: CVE-2025-36074. DESCRIPTION: IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious fil...

CVSS 7.2, AI score 5.8, EPSS 0.00261
Exploits: 0, Affected Software: 1

CVE
added 2026/04/08 1:24 a.m., 4 views

CVE-2026-3499

Product Feed PRO for WooCommerce (AdTribes) for WordPress is vulnerable to Cross-Site Request Forgery in versions 13.4.6–13.5.2.1 due to missing/incorrect nonce validation on AJAX endpoints: ajax_migrate_to_custom_post_type, ajax_adt_clear_custom_attributes_product_meta_keys, ajax_update_file_url...

CVSS 8.8, AI score 5.8, EPSS 0.00165
Exploits: 0, References: 2

NVD
added 2026/04/08 1:16 a.m., 3 views

CVE-2026-4788

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user...

CVSS 8.4, EPSS 0.00116
Exploits: 0, References: 1

Positive Technologies
added 2026/04/08 12:0 a.m., 3 views

PT-2026-31545

Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository versions 3.0.0 through 3.90.2. Description: A reflected cross-site scripting issue exists that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted UR...

CVSS 5.1, AI score 6.1, EPSS 0.00465
Exploits: 0, References: 6

Positive Technologies
added 2026/04/08 12:0 a.m., 13 views

PT-2026-41279

Name of the Vulnerable Software and Affected Versions: DAEMON Tools Lite versions 12.5.0.2421 through 12.5.0.2434. Description: A supply chain attack compromised official installation packages distributed via the legitimate website daemon-tools.cc between April 8, 2026, and May 5, 2026. Attackers...

CVSS 10, AI score 6.2, EPSS 0.00754
Exploits: 1, References: 30

OSV
added 2026/04/07 10:16 p.m., 3 views

UBUNTU-CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

CVSS 7.5, AI score 5.8, EPSS 0.00383
Exploits: 0, References: 5

OSV
added 2026/04/07 9:17 p.m., 4 views

UBUNTU-CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify CPU and allocations by sending many baggage: header lines...

CVSS 7.5, AI score 5.8, EPSS 0.00329
Exploits: 1, References: 3

vulnersOsv
added 2026/04/07 8:13 p.m., 5 views

ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6), ai.telosforge:kimaira-starter-agentic-factory (>=1.2.4 <=1.2.6) +394 more potentially affected by CVE-2026-35568 via io.modelcontextprotocol.sdk:mcp-core (>=0.13.0 <=0.17.2)

io.modelcontextprotocol.sdk:mcp-core MAVEN version =0.13.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.0.1, =0.1.0, =0.3.0, =2.0.0-beta.7, =1.1.0.0, =1.1.0.0, =2.0.0-M1.1 and more Source cves: CVE-2026-35568 Source advisory: SNYK:JAVA-IOMODELCONTEXTPROTOCOLSDK-15928845...

CVSS 7.6, AI score 5.4, EPSS 0.00136
Exploits: 0

Cvelist
added 2026/04/07 7:28 p.m., 19 views

CVE-2026-39371 RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests

RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, server functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger...

CVSS 8.1, EPSS 0.0021
Exploits: 0, References: 1