4808 matches found
Malicious code in motion-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dec07d83d6427eb2c76e0ab74e5f31f424e769c187e6d48df0de3575df2e176 [email protected] masquerades as a pino-style logger exports module.exports.pino, ships proto.js/multistream.js/transport.js/redaction.js/levels.js,...
CVE-2026-53864 OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control Variables
OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious...
CVE-2026-53864 OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control Variables
OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious...
rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding
A flaw was found in rsync. An authenticated daemon peer can exploit an integer overflow vulnerability in the compressed-token decoder. By carefully manipulating the compressed-token, a malicious sender can trigger an overflow, leading to remote memory disclosure. This allows an attacker to leak...
rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding
A flaw was found in rsync. An authenticated daemon peer can exploit an integer overflow vulnerability in the compressed-token decoder. By carefully manipulating the compressed-token, a malicious sender can trigger an overflow, leading to remote memory disclosure. This allows an attacker to leak...
ShellShock - Remote Code Execution
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...
MAL-2026-5856 Malicious code in carousel-controller-mixin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a4b1be297682ca77d8a92fc502887ee6d718a5541fa88413acdc6accb3ed97 package.json declares both preinstall and postinstall hooks that execute callback.js on every install. callback.js collects username, uid, hostname,...
Malicious code in event-metrics-q3x7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b805c0ac88b45f49b1698fb9ea33e00767380544221d574a0da0e0f526d07f8 On install, package.json runs a postinstall hook node run.js that triggers beacon scripts beacon20.js, beaconlinux.js shipped in the tarball. The...
MAL-2026-5858 Malicious code in metrics-pipeline-d8k2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01ad2ee3d3807102a3f02c01af0d3fec46d91e9764eb77a8bcedf9c6be7fc3b0 Package declares "postinstall": "node run.js" in package.json, causing automatic execution of bundled beacon scripts on npm install. beacon29.js load...
PT-2026-50146
Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.10 Description In the node:child process implementation on Windows, the escapeShellArg helper function fails to properly quote arguments containing cmd.exe metacharacters such as &, |, , ^, !, , and and does not...
Malicious code in yunxin-overmind-comment (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57551a10d99024d1d12c7f2e349e6557613ed3a5e036bf45d71129d501fbbabc On npm install, the package's scripts.postinstall runs src/postinstall.js, which spawns a detached Node child that collects the installer's hostname,...
MAL-2026-5833 Malicious code in yunxin-overmind-comment (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57551a10d99024d1d12c7f2e349e6557613ed3a5e036bf45d71129d501fbbabc On npm install, the package's scripts.postinstall runs src/postinstall.js, which spawns a detached Node child that collects the installer's hostname,...
Malicious code in flow-lending (npm)
Sentinel-high 9.9.9 dependency-confusion squat of an internal Cardano/DeFi lending pkg. preinstall node index.js || true auto-execs a credential exfil: harvests env secrets mnemonic/private key/token/blockfrost API key and POSTs to raw attacker C2 2.25.140.71:8443/surflending/npm-confusion. 2-pkg...
MAL-2026-5804 Malicious code in flow-lending-sdk (npm)
Continuation of the flow/surf-lending DeFi cred-exfil campaign c1655. Sentinel-9.9.9 depconf squat; preinstall node index.js || true exfils env secrets mnemonic/private-key/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion same C2. Companions bodega-sdk/flowdefi verified identical...
Malicious code in flow-lending-sdk (npm)
Continuation of the flow/surf-lending DeFi cred-exfil campaign c1655. Sentinel-9.9.9 depconf squat; preinstall node index.js || true exfils env secrets mnemonic/private-key/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion same C2. Companions bodega-sdk/flowdefi verified identical...
Malicious code in flowdefi (npm)
flow/surf-lending DeFi cred-exfil campaign sibling c1655. preinstall node index.js || true exfils env secrets to raw C2 2.25.140.71:8443/surflending/npm-confusion verified identical. No-renotify. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in bodega-sdk (npm)
flow/surf-lending DeFi cred-exfil campaign sibling c1655. preinstall node index.js || true exfils env secrets to raw C2 2.25.140.71:8443/surflending/npm-confusion verified identical. No-renotify. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
MAL-2026-5801 Malicious code in bodega-sdk (npm)
flow/surf-lending DeFi cred-exfil campaign sibling c1655. preinstall node index.js || true exfils env secrets to raw C2 2.25.140.71:8443/surflending/npm-confusion verified identical. No-renotify. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in flowcardano (npm)
flow/surf-lending DeFi cred-exfil campaign sibling c1655. Cardano-themed Sentinel-9.9.9 dependency-confusion squat. preinstall node index.js || true exfils env secrets mnemonic/private-key/token/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion same C2 as...
MAL-2026-5805 Malicious code in flowcardano (npm)
flow/surf-lending DeFi cred-exfil campaign sibling c1655. Cardano-themed Sentinel-9.9.9 dependency-confusion squat. preinstall node index.js || true exfils env secrets mnemonic/private-key/token/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion same C2 as...