Aggregator

CVE-2026-43577 | OpenClaw up to 2026.4.8 act/evaluate authorization (GHSA-qmwg-qprg-3j38)

1 week 2 days ago

A vulnerability was found in OpenClaw up to 2026.4.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component act/evaluate. Such manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-43577. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2026-43576 | OpenClaw up to 2026.4.4 WebSocket Endpoint /json/version redirect (GHSA-f7fh-qg34-x2xh)

VulDB Recent Entries

1 week 2 days ago

A vulnerability was found in OpenClaw up to 2026.4.4. It has been classified as problematic. Affected is an unknown function of the file /json/version of the component WebSocket Endpoint. This manipulation causes open redirect. This vulnerability appears as CVE-2026-43576. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

vuldb.com

CVE-2026-43579 | OpenClaw up to 2026.4.9 Nostr Plugin authorization (GHSA-f3h5-h452-vp3j)

VulDB Recent Entries

1 week 2 days ago

A vulnerability was found in OpenClaw up to 2026.4.9 and classified as problematic. This impacts an unknown function of the component Nostr Plugin. The manipulation results in missing authorization. This vulnerability is reported as CVE-2026-43579. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

vuldb.com

CVE-2026-43575 | OpenClaw up to 2026.4.9 Sandbox noVNC Helper Route authorization (GHSA-92jp-89mq-4374)

VulDB Recent Entries

1 week 2 days ago

A vulnerability has been found in OpenClaw up to 2026.4.9 and classified as critical. This affects an unknown function of the component Sandbox noVNC Helper Route. The manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-43575. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

vuldb.com

CVE-2026-43580 | OpenClaw up to 2026.4.9 Navigation Guard authorization (GHSA-536q-mj95-h29h)

VulDB Recent Entries

1 week 2 days ago

A vulnerability, which was classified as problematic, was found in OpenClaw up to 2026.4.9. The impacted element is an unknown function of the component Navigation Guard. Executing a manipulation can lead to missing authorization. This vulnerability is registered as CVE-2026-43580. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

vuldb.com

Open-source MCP server monitoring for Python apps

Help Net Security

1 week 2 days ago

Pythonic Model Context Protocol servers handle tool calls, session events, module imports, and subprocess activity. BlueRock has released MCP Python Hooks, an open source runtime sensor that gives developers a way to capture those signals without modifying application code. What the sensor captures The tool wraps a Python process at startup so its hooks initialize before application code executes. According to BlueRock CEO Harold Byun, this is achieved through Python-native mechanisms: audit hooks for security-sensitive … More →

The post Open-source MCP server monitoring for Python apps appeared first on Help Net Security.

Mirko Zorz

心流鼠标手势 FlowMouse v2.0.3 “手势提示” 功能发布

吾爱破解论坛

1 week 2 days ago

新用户在使用手势插件时，最大的痛点往往是记不住手势对应的功能，很容易被“劝退”。为此，我们新增了「手势提示」功能：当你触发手势后，系统会自动匹配当前手势，并在页面底部展示可能对应的功能，帮助新用户在实际操作中逐步加深记忆，轻松上手。

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

The Hackers News

1 week 2 days ago

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host

The Hacker News

Google Chrome 148 Released with Fix for 127 Security Vulnerabilities – Update Now!

Cyber Security News

1 week 2 days ago

Google has officially promoted Chrome 148 to the stable channel for Windows, Mac, and Linux, rolling out version 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and Mac, one of the most security-intensive releases in the browser’s recent history, packing 127 security fixes in a single update. Of the 127 vulnerabilities addressed, three carry a Critical […]

The post Google Chrome 148 Released with Fix for 127 Security Vulnerabilities – Update Now! appeared first on Cyber Security News.

Guru Baran

跑马圈地：中国OpenClaw安全防护产品盘点

数世咨询

1 week 2 days ago

当前中国市场中具有代表性的 OpenClaw 安全相关产品

European leaders unveil tentative deal for AI Act simplification, including a ban on nudification tools

The Record

1 week 2 days ago

The tentative deal responds to industry criticism by postponing enforcement of rules governing so-called “high-risk” AI tools involving biometrics and those used in employment, law enforcement and critical infrastructure to December 2027.

GRC in an AI World - Staying in the Fast Lane Without Losing the Race!

TrustedSec

1 week 2 days ago

<p>Artificial Intelligence (AI) is the new buzz word on the streets. It’s becoming “the best thing since sliced bread” in the IT world and is being used by everyone from executives to employees, students, and even young…</p>

Stephanie Saunders

安卓GKI内核KPM加载器开发踩坑实战

软件安全与逆向分析

1 week 2 days ago

CVE-2026-31789

CVE Trends

1 week 2 days ago

Currently trending CVE - Hype Score: 5 - Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined ...