Lucene search
K

93 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 8:0 a.m.7 views

Malicious code in apple-internal-pki-trust (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

5.9AI score
Exploits0References1
NVD
NVD
added 2026/04/28 7:37 p.m.14 views

CVE-2026-41396

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAWBUNDLEDPLUGINSDIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory...

8.5CVSS0.00126EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/24 12:31 a.m.6 views

EUVD-2026-25320

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAWBUNDLEDHOOKSDIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code...

8.5CVSS6.1AI score0.00133EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/23 9:57 p.m.35 views

CVE-2026-41336 OpenClaw < 2026.3.31 - Arbitrary Hook Code Execution via OPENCLAW_BUNDLED_HOOKS_DIR Environment Variable Override

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAWBUNDLEDHOOKSDIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code...

8.5CVSS0.00133EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.10 views

PT-2026-33800

Name of the Vulnerable Software and Affected Versions python-dotenv versions prior to 1.2.2 Description The set key and unset key functions in python-dotenv follow symbolic links when rewriting .env files. This occurs when the rewrite context manager in dotenv/main.py writes to a temporary file i...

6.6CVSS7.8AI score0.00288EPSS
Exploits2References61
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.9 views

PT-2026-37016

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.9 Description An environment variable injection issue exists where malicious workspace .env files can set runtime-control variables. This allows attackers to inject variables that affect update sources, gatewa...

7.3CVSS5.8AI score0.00203EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/14 3:30 p.m.13 views

EUVD-2025-209435

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

6.5AI score0.06583EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/14 3:30 p.m.17 views

Arbitrary Code Injection

Overview @openai/codex is a OpenAI Codex CLI Lightweight coding agent that runs in your terminal Affected versions of this package are vulnerable to Arbitrary Code Injection via the automatic loading of .env and .codex/config.toml files when executing the CLI in a compromised repository. An...

9.8CVSS6AI score0.06583EPSS
Exploits1References2
OSV
OSV
added 2026/04/14 3:30 p.m.4 views

GHSA-XRXF-JGV3-QMRM OpenAI Codex CLI enables code execution through malicious MCP (Model Context Protocol) configuration files

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

9.8CVSS6.5AI score0.06583EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:0 a.m.5 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

6.5AI score0.06583EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/14 12:0 a.m.4 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

6.4AI score0.06583EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 9:52 p.m.3 views

CVE-2026-39364

A flaw was found in Vite, a frontend tooling framework for JavaScript. On the Vite development server, a remote attacker could exploit this vulnerability by appending specific query parameters, such as ?raw, to requests. This allows the attacker to bypass security restrictions and retrieve...

8.2CVSS5.8AI score0.02095EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/06 6:3 p.m.204 views

Vite: `server.fs.deny` bypassed with queries

Summary The contents of files that are specified by server.fs.deny can be returned to the browser. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file exists in th...

8.2CVSS5.9AI score0.02095EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/04/03 7:10 p.m.4 views

MAL-2026-2452 Malicious code in strapi-plugin-blurhash (npm)

strapi-plugin-blurhash is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topolog...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 7:9 p.m.7 views

Malicious code in strapi-plugin-content-sync (npm)

strapi-plugin-content-sync is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 7:8 p.m.10 views

MAL-2026-2471 Malicious code in strapi-plugin-nordica (npm)

strapi-plugin-nordica is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 7:5 p.m.4 views

MAL-2026-2477 Malicious code in strapi-plugin-nordica-stage (npm)

strapi-plugin-nordica-stage is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 7:5 p.m.5 views

MAL-2026-2472 Malicious code in strapi-plugin-nordica-api (npm)

strapi-plugin-nordica-api is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 7:4 p.m.3 views

MAL-2026-2473 Malicious code in strapi-plugin-nordica-cms (npm)

strapi-plugin-nordica-cms is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 5:28 p.m.7 views

Malicious code in strapi-plugin-locale (npm)

strapi-plugin-locale is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6AI score
Exploits0References2
Rows per page
Query Builder