23 matches found
PT-2026-38247
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.20 Description OpenClaw fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files. This allows attackers to override critical runtime variables. For instance,...
PT-2026-33883
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.1.64 Description The sandbox in this agentic coding tool failed to prevent sandboxed processes from creating symbolic links (symlinks) pointing to locations outside the workspace. When the unsandboxed process wrot...
CVE-2026-32007
OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...
Filling the Most Common Gaps in Google Workspace Security
Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incide...
CVE-2026-23851
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...
EUVD-2022-1730
Malicious code in bioql PyPI...
EUVD-2024-47292
Malicious code in bioql PyPI...
EUVD-2024-54311
Malicious code in bioql PyPI...
PT-2025-39373
Name of the Vulnerable Software and Affected Versions Dify version 1.8.1 Description A broken access control issue exists in Dify version 1.8.1. This allows users within the same workspace to read chat messages belonging to other users. The issue is present on the /console/api/apps/APP...
Missing Authorization
Overview typo3/cms-workspaces is a TYPO3 component for workflows with custom stages and versioning, for a better editing and publishing experience. Affected versions of this package are vulnerable to Missing Authorization in the Workspace Module's AJAX backend route. An authenticated attacker can...
CVE-2025-3048
After completing a build with the AWS Serverless Application Model Command Line Interface (SAM CLI) that includes symlinks, the content of those symlinks is copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outsid...
kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
Impact The APIExport Virtual Workspace can be used to manage objects in workspaces that bind that APIExport, for resources defined in the APIExport or specified and accepted via permission claims. This allows an API provider, via their APIExport, scoped-down access to workspaces of API consumers to...
GHSA-VM32-9RQF-RH3R pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Summary pnpm seems to mishandle overrides and the global cache: 1. overrides from one workspace leak into npm metadata saved in the global cache; 2. npm metadata from the global cache affects other workspaces; 3. installs by default don't revalidate the data, including on first lockfile generation. This can make...
CVE-2024-53866
The CVE-2024-53866 entry concerns pnpm before 9.15.0, where overrides from one workspace can leak into npm metadata stored in global cache, and global-cache data can affect other workspaces. This undermines global state integrity and can enable arbitrary code execution on installs, even when igno...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?
Google Workspace has quickly become the productivity backbone for businesses worldwide, offering an all-in-one suite with email, cloud storage and collaboration tools. This single-platform approach makes it easy for teams to connect and work efficiently, no matter where they are, enabling seamles...
Worldwide 2023 Email Phishing Statistics and Examples
Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023...
[SECURITY] [DLA 3827-1] plasma-workspace security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3827-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk June 14, 2024 https://wiki.debian.org/LTS -...
CVE-2024-0435 User can submit message to self-XSS
A user can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given that the minimum requirement for a user to send a chat is to be given access to a workspace via an admin, the risk is low. Additionally, the location in which the XSS rende...
HashiCorp Terraform Security Vulnerability
HashiCorp Terraform is an open-source tool for provisioning and managing cloud infrastructure from HashiCorp, USA. A security vulnerability exists in Terraform Enterprise prior to version v202207-1 that stems from not properly enforcing authorization rules for agent pools, which could result in ...
Remote Code Execution
github.com/gitpod-io/gitpod is vulnerable to Remote Code Execution. The vulnerability exists due to cross-site WebSocket hijacking because the Origin header is not restricted, which allows an attacker to take over a workspace with stolen credentials or extract data from a workspace...