•2 minutes ago•GHSA-WFPW-MMFH-QQ69
4.8GHSA-WFPW-MMFH-QQ69: Use-After-Free Vulnerability in Nokogiri XML Node-Level XInclude Processing
Nokogiri is a popular Ruby gem used for parsing XML and HTML documents. A Use-After-Free (UAF) vulnerability exists in its CRuby implementation during XInclude processing. When an application traverses an XML document and exposes nodes to Ruby before calling `do_xinclude`, the underlying C library `libxml2` can free these structures in-place. This leaves active Ruby objects holding pointers to freed memory, leading to potential segmentation faults, memory corruption, or information disclosure.
0 views•7 min read
•29 minutes ago•GHSA-PHWJ-RPRQ-35PP
2.3GHSA-PHWJ-RPRQ-35PP: Use-After-Free Vulnerability in Nokogiri XML Attribute Value Modification
A use-after-free (UAF) vulnerability exists in the CRuby native extension of the Nokogiri gem when updating XML attribute values. If child nodes of an XML attribute are wrapped by Ruby objects prior to setting the attribute's value, the underlying C memory structures are freed while the Ruby wrapper retains a dangling pointer. This results in memory corruption, invalid pointer dereferences, and application crashes during execution or garbage collection.
2 views•6 min read
•about 1 hour ago•GHSA-VMHF-C436-HXJ4
5.1GHSA-VMHF-C436-HXJ4: Client-side Stored Cross-Site Scripting (XSS) in JupyterLab Extension Manager
A client-side Stored Cross-Site Scripting (XSS) vulnerability exists in the JupyterLab Extension Manager. This vulnerability allows an attacker to register a malicious package on the Python Package Index (PyPI) with a crafted metadata homepage URL using the 'javascript:' pseudo-protocol. When a JupyterLab user opens the Extension Manager and clicks the extension name, the browser executes arbitrary JavaScript code within the context of the JupyterLab origin. This can lead to the theft of active workspace documents, credentials, and API tokens. The issue affects all versions of JupyterLab prior to version 4.5.9.
2 views•5 min read
•about 1 hour ago•GHSA-JV2H-4P9V-WF5W
8.8GHSA-JV2H-4P9V-WF5W: Arbitrary Remote Code Execution via Incomplete Environment Denylist in Ouroboros AI
An arbitrary Remote Code Execution (RCE) vulnerability exists in ouroboros-ai due to an incomplete fix for CVE-2026-47211. Ouroboros automatically loads environment configurations from local .env files located in the current working directory (CWD) of cloned repositories. Although a denylist (_UNTRUSTED_ENV_DENYLIST) was introduced in version 0.39.0 to filter out execution-routing environment variables, multiple critical configuration variables were omitted, enabling complete sandbox bypass and arbitrary system command execution.
4 views•6 min read
•about 2 hours ago•GHSA-VCV2-R9JH-99M5
8.8GHSA-VCV2-R9JH-99M5: OS Command Injection in agentic-flow MCP Server Tools
An OS command injection vulnerability (CWE-78) exists in agentic-flow versions 2.0.13 and prior. The package's Model Context Protocol (MCP) server tools directly interpolate user-controlled parameters into shell command strings executed via child_process.execSync without validation. If an AI agent processes untrusted external input and forwards it as parameters to any affected tool, an attacker can break out of the shell argument quotes and execute arbitrary OS commands on the host machine.
4 views•5 min read
•about 3 hours ago•CVE-2026-12151
7.5CVE-2026-12151: Denial of Service via Uncontrolled Fragment Buffering in Undici WebSocket Client
A high-severity denial of service vulnerability in the undici WebSocket client (CVE-2026-12151) arises from uncontrolled memory consumption. Although undici validates individual fragment sizes against a cumulative payload limit, it fails to cap the total number of frames in a single message stream. This allows a rogue or compromised WebSocket server to send an infinite sequence of small or empty continuation frames, causing unbounded memory allocation and eventual heap exhaustion on the client process.
5 views•7 min read
•about 4 hours ago•CVE-2026-48814
9.1CVE-2026-48814: Missing Authentication for Critical Orchestration Tools in Network-AI McpSseServer
CVE-2026-48814 is a critical vulnerability classified as Missing Authentication for Critical Function (CWE-306) in Network-AI, a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the Model Context Protocol (MCP) Server-Sent Events (SSE) server allows unauthenticated, cross-origin invocation of sensitive orchestration tools. This vulnerability stems from an incomplete fix for CVE-2026-46701, where library-level server class initializations still default to an insecure empty-secret configuration, allowing remote attackers or Server-Side Request Forgery (SSRF) agents to execute administrative tools.
2 views•7 min read
•about 7 hours ago•CVE-2026-53857
8.6CVE-2026-53857: Authentication Bypass via Mutable Display Name Spoofing in OpenClaw allowFrom Policy
CVE-2026-53857 (GHSA-8c59-hr4w-qg69) is a high-severity authentication bypass vulnerability in OpenClaw (formerly Moltbot/Clawdbot) versions prior to 2026.5.3. The vulnerability arises from an insecure authorization mechanism in the Zalo messaging platform integration. Instead of matching access-control whitelist criteria to persistent and immutable user identifiers, the OpenClaw framework evaluated permissions based on mutable, user-controlled display names. An attacker can exploit this weakness by changing their Zalo profile display name to match a legitimate identity authorized in the allowFrom policy, gaining full access to restricted agent capabilities.
6 views•5 min read
•about 8 hours ago•CVE-2026-53856
5.7CVE-2026-53856: Incorrect Permission Assignment for Critical Resource in OpenClaw Config Recovery
OpenClaw versions before 2026.4.24 contain an insecure file permissions vulnerability in the configuration recovery mechanism. When a local configuration repair is triggered, the recovery path restores the primary configuration file, `openclaw.json`, with overly broad permissions. This enables low-privileged local attackers in multi-user or shared hosting environments to read sensitive system credentials, API tokens, and private assistant configurations.
5 views•7 min read
•about 9 hours ago•CVE-2026-53844
6.5CVE-2026-53844: Missing Session Visibility Authorization Bypass in OpenClaw Shared Memory Search
A missing authorization vulnerability (CWE-862) exists within the shared memory search interface (memory-wiki) of OpenClaw prior to version 2026.4.29. The application fails to apply visibility controls to search queries targeting `/api/memory-wiki/search`. Consequently, an authenticated attacker with low-level privileges can query the global index and exfiltrate sensitive memory entries belonging to other active or historical sessions without authorization.
5 views•5 min read
•about 9 hours ago•CVE-2026-53860
4.2CVE-2026-53860: Sender Policy Bypass in OpenClaw BlueBubbles Integration
CVE-2026-53860 details an authorization bypass in the OpenClaw AI gateway's BlueBubbles integration. The vulnerability arises because the sender policy check validates mutable conversation-level metadata rather than verified, stable sender identities. This allows unauthorized group chat participants to manipulate metadata, match allowlist rules, and run unauthorized AI agent actions.
4 views•6 min read
•about 10 hours ago•CVE-2026-53853
8.3CVE-2026-53853: Protection Mechanism Bypass and Incorrect Authorization in OpenClaw Execution Gateway
An incorrect authorization vulnerability in OpenClaw before 2026.5.12 allows authenticated attackers with low privileges to bypass the argument restriction policy on Linux and macOS platforms. By exploiting the omitted validation of the argPattern parameter, attackers can execute allowlisted binaries with arbitrary command line arguments, leading to unauthorized code execution and system compromise.
5 views•6 min read