π¨ CVE-2025-61662
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
π@cveNotify
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
π@cveNotify
π¨ CVE-2026-3059
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
π@cveNotify
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
π@cveNotify
GitHub
sglang/python/sglang/multimodal_gen/runtime/scheduler_client.py at main Β· sgl-project/sglang
SGLang is a high-performance serving framework for large language models and multimodal models. - sgl-project/sglang
π¨ CVE-2026-3060
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
π@cveNotify
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
π@cveNotify
GitHub
sglang/python/sglang/srt/disaggregation/encode_receiver.py at main Β· sgl-project/sglang
SGLang is a high-performance serving framework for large language models and multimodal models. - sgl-project/sglang
π¨ CVE-2026-3989
SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script.
π@cveNotify
SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script.
π@cveNotify
GitHub
sglang/scripts/playground/replay_request_dump.py at main Β· sgl-project/sglang
SGLang is a high-performance serving framework for large language models and multimodal models. - sgl-project/sglang
π¨ CVE-2026-4039
A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1 is able to resolve this issue. This patch is called 8c9f35cdb51692b650ddf05b259ccdd75cc9a83c. It is recommended to upgrade the affected component.
π@cveNotify
A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1 is able to resolve this issue. This patch is called 8c9f35cdb51692b650ddf05b259ccdd75cc9a83c. It is recommended to upgrade the affected component.
π@cveNotify
GitHub
GitHub - openclaw/openclaw: Your own personal AI assistant. Any OS. Any Platform. The lobster way. π¦
Your own personal AI assistant. Any OS. Any Platform. The lobster way. π¦ - openclaw/openclaw
π¨ CVE-2026-4040
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.
π@cveNotify
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.
π@cveNotify
GitHub
GitHub - openclaw/openclaw: Your own personal AI assistant. Any OS. Any Platform. The lobster way. π¦
Your own personal AI assistant. Any OS. Any Platform. The lobster way. π¦ - openclaw/openclaw
π¨ CVE-2023-41974
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.
π@cveNotify
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.
π@cveNotify
Apple Support
About the security content of iOS 17 and iPadOS 17 - Apple Support
This document describes the security content of iOS 17 and iPadOS 17.
π¨ CVE-2024-23222
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
π@cveNotify
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
π@cveNotify
Apple Support
About the security content of iOS 17.3 and iPadOS 17.3 - Apple Support
This document describes the security content of iOS 17.3 and iPadOS 17.3.
π¨ CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
π@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
π¨ CVE-2023-43000
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
π@cveNotify
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
π@cveNotify
Apple Support
About the security content of Safari 16.6 - Apple Support
This document describes the security content of Safari 16.6.
π¨ CVE-2026-1757
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.
π@cveNotify
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.
π@cveNotify
π¨ CVE-2026-28442
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be bypassed. By altering the path parameter in the delete request, internal OS files and directories can be removed successfully. The backend processes these manipulated requests without validating whether the targeted path belongs to restricted system locations. This demonstrates improper input validation and broken access control on sensitive filesystem operations. No known public patch is available.
π@cveNotify
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be bypassed. By altering the path parameter in the delete request, internal OS files and directories can be removed successfully. The backend processes these manipulated requests without validating whether the targeted path belongs to restricted system locations. This demonstrates improper input validation and broken access control on sensitive filesystem operations. No known public patch is available.
π@cveNotify
GitHub
ZimaOS v1.5.2-beta3 - Arbitrary Deletion of Internal System Files via API Path Manipulation
**Issue Description**
During testing, it was observed that users are restricted from deleting internal system files or folders through the application interface. However, when interacting direct...
During testing, it was observed that users are restricted from deleting internal system files or folders through the application interface. However, when interacting direct...
π¨ CVE-2026-1695
An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user authentication on an unknown application (unknown client_id).
This vulnerability only affects the error page of the OAuth server.
π@cveNotify
An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user authentication on an unknown application (unknown client_id).
This vulnerability only affects the error page of the OAuth server.
π@cveNotify
PcVue
Security Bulletins | PcVue
Stay informed with the latest PcVue security bulletins. Review updates, patches, and advisories to keep your system protected and up to date.
π¨ CVE-2026-29196
Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/{network} or GET /api/nodes/{network}. While the Netmaker UI restricts visibility, the API endpoints return full records, including private keys, without filtering based on the requesting user's ownership. This issue has been patched in version 1.5.0.
π@cveNotify
Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/{network} or GET /api/nodes/{network}. While the Netmaker UI restricts visibility, the API endpoints return full records, including private keys, without filtering based on the requesting user's ownership. This issue has been patched in version 1.5.0.
π@cveNotify
GitHub
Release v1.5.0 Β· gravitl/netmaker
Netmaker v1.5.0 Release Notes π
π Whatβs New
π Just-In-Time Access (beta)
Time-limited, on-demand network access: users request access, admins approve or deny, and grants expire automatically.
...
π Whatβs New
π Just-In-Time Access (beta)
Time-limited, on-demand network access: users request access, admins approve or deny, and grants expire automatically.
...
π¨ CVE-2026-30887
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By leveraging a standard prototype-chain escape (this.constructor.constructor), an attacker can bypass the sandbox, gain access to the underlying Node.js process object, and execute arbitrary system commands (RCE) on the oneuptime-probe container. Furthermore, because the probe holds database/cluster credentials in its environment variables, this directly leads to a complete cluster compromise. This vulnerability is fixed in 10.0.18.
π@cveNotify
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By leveraging a standard prototype-chain escape (this.constructor.constructor), an attacker can bypass the sandbox, gain access to the underlying Node.js process object, and execute arbitrary system commands (RCE) on the oneuptime-probe container. Furthermore, because the probe holds database/cluster credentials in its environment variables, this directly leads to a complete cluster compromise. This vulnerability is fixed in 10.0.18.
π@cveNotify
GitHub
Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE
### Summary
OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the inse...
OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the inse...
π¨ CVE-2026-30920
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installation_id values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the target project. This allows an attacker to overwrite another project's GitHub App installation binding. Related GitHub endpoints also lack effective authorization, so a valid installation ID can be used to enumerate repositories and create CodeRepository records in an arbitrary project. This vulnerability is fixed in 10.0.19.
π@cveNotify
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installation_id values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the target project. This allows an attacker to overwrite another project's GitHub App installation binding. Related GitHub endpoints also lack effective authorization, so a valid installation ID can be used to enumerate repositories and create CodeRepository records in an arbitrary project. This vulnerability is fixed in 10.0.19.
π@cveNotify
GitHub
Broken access control in GitHub App installation flow allows unauthorized project binding
### Summary
OneUptime's GitHub App callback trusts attacker-controlled `state` and `installation_id` values and updates `Project.gitHubAppInstallationId` with `isRoot: true` without validati...
OneUptime's GitHub App callback trusts attacker-controlled `state` and `installation_id` values and updates `Project.gitHubAppInstallationId` with `isRoot: true` without validati...
π¨ CVE-2026-30921
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside Node's vm and is given live host Playwright objects such as browser and page. This creates a distinct server-side RCE primitive: the attacker does not need the classic this.constructor.constructor(...) sandbox escape. Instead, the attacker can directly use the injected Playwright browser object to reach browser.browserType().launch(...) and spawn an arbitrary executable on the probe host/container. This vulnerability is fixed in 10.0.20.
π@cveNotify
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside Node's vm and is given live host Playwright objects such as browser and page. This creates a distinct server-side RCE primitive: the attacker does not need the classic this.constructor.constructor(...) sandbox escape. Instead, the attacker can directly use the injected Playwright browser object to reach browser.browserType().launch(...) and spawn an arbitrary executable on the probe host/container. This vulnerability is fixed in 10.0.20.
π@cveNotify
GitHub
Synthetic Monitor RCE via exposed Playwright browser object
Summary
OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the `oneuptime-probe` service. In the current implementation, this u...
OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the `oneuptime-probe` service. In the current implementation, this u...
π¨ CVE-2026-27269
Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Premiere Pro | APSB26-28
π¨ CVE-2025-14242
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.
π@cveNotify
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.
π@cveNotify
π¨ CVE-2026-1692
A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website.
This vulnerability only affects the following two endpoints: GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect.
π@cveNotify
A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website.
This vulnerability only affects the following two endpoints: GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect.
π@cveNotify
PcVue
Security Bulletins | PcVue
Stay informed with the latest PcVue security bulletins. Review updates, patches, and advisories to keep your system protected and up to date.
π¨ CVE-2026-1693
The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user credentials.
π@cveNotify
The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user credentials.
π@cveNotify
PcVue
Security Bulletins | PcVue
Stay informed with the latest PcVue security bulletins. Review updates, patches, and advisories to keep your system protected and up to date.