An analysis of a critical path traversal vulnerability in OpenClaw's agent tooling, specifically the `apply_patch` function. This flaw allowed AI agents (or attackers manipulating them via prompt injection) to escape the workspace sandbox and overwrite arbitrary files on the host system, leading to potential Remote Code Execution (RCE).
An experimental feature in SvelteKit introduced a severe Denial of Service vulnerability via the binary form deserialization logic. By exploiting how the 'devalue' library handles object references and type coercion, an attacker can trigger massive CPU consumption.
OpenClaw, a platform for personal AI agents, was found using the deprecated SHA-1 hashing algorithm to generate unique identifiers for sandbox configurations. This flaw allows for potential hash collisions, where two distinct sandbox configurations—one benign and one malicious—could result in the same identifier. Consequently, the system might erroneously reuse an existing, privileged sandbox for an attacker's session, effectively bypassing isolation boundaries.
In a twist of irony that would make a cyberpunk author blush, the popular VS Code extension 'cline' was compromised not by a buffer overflow or a weak password, but by its own helpful AI assistant. By leveraging a Prompt Injection vulnerability within a GitHub Actions workflow, an attacker forced the repository's AI agent to execute arbitrary Bash commands. This initial foothold allowed the attacker to poison the GitHub Actions cache, pivot to a high-privileged release workflow, steal NPM publishing tokens, and push a malicious version (`2.3.0`) to the npm registry. This is a masterclass in modern CI/CD exploitation: utilizing 'Agentic AI' as a naive, over-privileged accomplice.
A deep-dive analysis of a technical unsoundness in the Rust `keccak` crate's ARMv8 assembly backend. By misrepresenting register constraints to the LLVM compiler, the implementation created a divergence between the hardware state and the compiler's abstract model, leading to Undefined Behavior (UB) and potential memory corruption scenarios.
A critical privilege escalation vulnerability exists in Kata Containers allowing a containerized attacker to overwrite the underlying Guest VM's read-only root filesystem. By exploiting a flaw in how the Linux `virtio-pmem` driver handles read-only flags combined with DAX memory mapping, an attacker can modify executable binaries in the guest kernel's memory space. This grants root access to the micro-VM, bypassing container isolation entirely and, in specific ARM64 configurations, potentially corrupting the host image.
A logic flaw in jsPDF's bundled GIF parser allows attackers to trigger a massive memory allocation by manipulating image headers. By specifying a canvas size of 65535x65535 in a tiny GIF file, an attacker can force the application to attempt a ~4.3GB contiguous memory allocation, crashing the process immediately.
In a twist of irony that would make Alanis Morissette cringe, Dell's RecoverPoint for Virtual Machines (RP4VMs)—a tool designed to save you from disasters—became the disaster itself. For nearly two years, a hardcoded administrative credential in the Apache Tomcat configuration allowed the China-nexus threat group UNC6201 to treat these appliances like an Airbnb. This isn't a complex buffer overflow or a race condition; it's a 'user=admin, password=password' scenario on a critical infrastructure component, leading to a perfect CVSS 10.0 score and full root compromise.
Microsoft's Windows Admin Center (WAC) was designed to be the modern 'single pane of glass' for system administrators—a web-based evolution of the clunky old MMC snap-ins. Unfortunately, a critical flaw in the Gateway Service turned that glass into a sieve. CVE-2026-26119 allows any authenticated user, regardless of how low their privileges are, to trick the gateway into executing commands with administrative rights. It’s a classic case of a proxy service trusting the client a little too much, effectively handing the keys to the kingdom to anyone who can log in.
A high-severity Arbitrary File Read vulnerability in the Keras machine learning library allows attackers to exfiltrate sensitive local files (like /etc/passwd or AWS credentials) by embedding 'External Storage' links within malicious HDF5 model files. This affects Keras versions 3.0.0 through 3.13.1.
A critical OS Command Injection vulnerability in the OpenClaw AI assistant allows remote code execution via malicious OAuth tokens. By failing to sanitize inputs before passing them to the macOS 'security' utility, the application permits attackers to execute arbitrary shell commands with the privileges of the host user. This transforms the keychain credential management feature—designed for security—into a high-impact entry point for compromise.
A logic flaw in OpenClaw's manual OAuth input parsing allowed attackers to bypass state validation by simply providing a bare authorization code. The application helpfully, but insecurely, assumed that any non-URL input was a valid code and automatically attached the expected session state to it, enabling credential substitution attacks.
Automated vulnerability intelligence. 724+ reports.