OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment.
PowerDNS Recursor versions 5.2.x, 5.3.x, and 5.4.0 are vulnerable to denial of service when processing a zone transition from NSEC to NSEC3 DNSSEC record types, causing internal inconsistency and resolver unavailability. The vulnerability requires network access and has elevated attack complexity, affecting recursive DNS resolvers in production environments. Vendor patches are available for all affected branches.
CVE-2026-3856 is a security vulnerability (CVSS 5.3) that allows an attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Cryptopro Secure Disk contains a vulnerability that allows attackers to execute arbitrary code in the context of the root user and enables an attacker t (CVSS 6.8).
Download Manager (WordPress plugin) versions up to 3.3.40 contain a security vulnerability (CVSS 7.3).
Eopkg package manager versions before 4.4.0 fail to track files included in malicious packages, allowing undetected file installation when users install from compromised sources. An attacker can distribute packages containing hidden files that evade detection by package management tools like lseopkg. Users installing exclusively from official Solus repositories are unaffected.
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable with no authentication required. Public exploit code is available and no vendor patch is available.
A missing file integrity check vulnerability exists in the macOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a. Rated high severity (CVSS 7.0), this vulnerability has low attack complexity. No vendor patch is available.
A privilege escalation vulnerability (CVSS 6.7) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
A privilege escalation vulnerability (CVSS 6.7) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.