CVE-2026-40212
OpenStack Skyline contains a DOM-based XSS in the console interface prior to 5.0.1, 6.0.0, and 7.0.0 due to unsafe use of document.write when administrators view instance console logs. Root cause is unsafe DOM manipulation in the console web UI. Impact is cross-site scripting in the admin console...
CVE-2026-23780
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...
PT-2026-31956
OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization policy. Attackers can exploit chat.send to build an internal...
PT-2026-31971
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey ...
PT-2026-31893
Name of the Vulnerable Software and Affected Versions: OpenStack Skyline versions prior to 5.0.1, 6.0.0, and 7.0.0. Description: OpenStack Skyline contains a DOM-based Cross-Site Scripting (XSS) issue in the console. This is due to the unsafe use of document.write. This is relevant when administrators...
CVE-2026-23780
Affected product: BMC Control-M/MFT 9.0.20–9.0.22. Vulnerability: SQL injection in the MFT API debug interface due to improper input validation and unsafe dynamic SQL handling. Impact: authenticated attacker can read/write arbitrary files and may achieve remote code execution; no exploit details ...
OpenClaw security vulnerability
OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained security vulnerabilities. These vulnerabilities stemmed from insufficient authorization checks in the /send and /allowlist chat command processors. As a result,...
Bugsink input validation error vulnerability
Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Version 2.1.0 of Bugsink contains an input validation vulnerability. This vulnerability stems from an authentication-related file write issue during the artifact bundle assembly process. It may allow users with...
OpenClaw has an unspecified vulnerability (CNVD-2026-17184)
OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to write attacker-controlled bytes outside of the expected verification path before the final protected replacement step is...
OpenStack Skyline security vulnerability
OpenStack Skyline is a web interface system for managing cloud platforms and visualizing resources under the OpenStack open-source framework. Versions of OpenStack Skyline prior to 5.0.1, 6.0.0, and 7.0.0 contain security vulnerabilities. These vulnerabilities stem from DOM-based cross-site...
PT-2026-32004
Name of the Vulnerable Software and Affected Versions: Bugsink version 2.1.0. Description: A file write issue exists in Bugsink 2.1.0 within the artifact bundle assembly process. An authenticated user with a valid authentication token can write content to a filesystem location accessible to the...
OpenClaw security vulnerability
OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization in the POST /reset-profile endpoint, which could allow callers with the...
PT-2026-31908
Name of the Vulnerable Software and Affected Versions: FalkorDB Browser version 1.9.3. Description: The FalkorDB Browser application is susceptible to an unauthenticated path traversal flaw within its file upload API. This allows remote attackers to write arbitrary files, potentially leading to remo...
CVE-2026-40212
OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting XSS vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs...
PT-2026-31964
OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile through the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007080)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007080 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause ...
Linux Distros Unpatched Vulnerability : CVE-2026-5503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the...
openSUSE 16 Security Update : aws-c-event-stream (openSUSE-SU-2026:20477-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20477-1 advisory. Changes in aws-c-event-stream: - CVE-2026-5190: Fixed an out-of-bounds write caused by crafted event-stream messages bsc1261298 Tenable has extracted the...
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2026:6949)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6949 advisory. cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url...