1207 matches found
External Control of File Name or Path
Overview @evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol GEP for auditable, reusable evolution assets. Affected versions of this package are vulnerable to External Control of File Name or Path via the fetch...
MAL-2026-3319 Malicious code in @google-pay-trust/init-google-pay-result (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7dba78dc87b515a0cda716fc10162fbc4c31c264a1e2dbf6f1651257cfa87e62 The package @google-pay-trust/init-google-pay-result was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3321 Malicious code in @montanatonytest/app.web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae7604e0d0f1f42d621917113451c0b0583f2c74d4bbe59d92db2cf68101c674 The package @montanatonytest/app.web was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3284 Malicious code in tinfoil-shops (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12060d7ba8ada1f0215277ed3936de1f8e9f03d47430fe816b634778291d7024 The package tinfoil-shops was found to contain malicious code. Source: ghsa-malware 5fafb06ed458abc37062e49cbd57b0e5c348dba7d88d1524ca5df198216d7326...
Malicious code in @bcs-bank-react-ui/swiper-slider (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc6cabd59042f5fc22327d81efedc2ed1926f8f9457d124906fde72fbf65d46 The package @bcs-bank-react-ui/swiper-slider was found to contain malicious code. Source: ghsa-malware...
Malicious code in vime-azl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86b8ee643a9ac9cb7529c19293e56a1ccefe33d616c0459e90c364f529a55d2 The package vime-azl was found to contain malicious code. Source: ghsa-malware d7731c972c51221a2f0a582c0f7d25c9054e45942accb77b36d8a170074c8ade Any...
Malicious code in ts-moduler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bfa69fb7376ebc308243d78af9402eac9735a83121bbd7cf72a86cc792d10ad The package ts-moduler was found to contain malicious code. Source: ghsa-malware ea28227378d489dcc355b2e56f166d0aadb5c59656ac5033a4090bad165d783c Any...
External Control of System or Configuration Setting
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the loading of workspace .env files. An attacker can manipulate runtime-control variables by crafting a malicious .env file that se...
Malicious code in node-red-contrib-yolo-object-detection (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37c68b0e146f969ed875753302026894ce41d379d736a1856b9e12a8c1a4479 The package node-red-contrib-yolo-object-detection was found to contain malicious code. Source: ghsa-malware...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...
MAL-2026-2690 Malicious code in @pnc-ref/harmony-support-v18 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3c6a47dfcf980f2cd22ec066b1f85f003d7001a45e28ee6a5541e4b18e5edc5 The package @pnc-ref/harmony-support-v18 was found to contain malicious code. Source: ghsa-malware...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the POST /Videos/itemId/Subtitles endpoint due to insufficient validation of the Format field, which allows path traversal via the file extension and enables arbitrary file write. An attacker can...
Malicious code in one-translations (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8509aaa4a1769ce406c0bf7883ec6930bbd4aedbbeeb82df3ae719ab279ff238 The package one-translations was found to contain malicious code. Source: ghsa-malware 6d3a1486ad2ba464c9c1c678dfbab6c735eccaf31f2a1d3cba6e3f28a3fad5...
Malicious code in wm-plugin-wm-smart-tip-dont-embed-tooltip (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed6cae507e456c74167f9236f4f846cbbf1437a9fbcc5333e228d22073a78cc4 The package wm-plugin-wm-smart-tip-dont-embed-tooltip was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2610 Malicious code in twilio-video.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9e3803147d3c0bc502c876bc9a0c17ab6abb0f35cef279419245d46843a57ee The package twilio-video.js was found to contain malicious code. Source: ghsa-malware cc5348f21258b1a1e011513da698c5544555a2b78063b41540c04c9b0b0bc58...
EUVD-2026-21868
External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege...
CVE-2026-21012
External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege...
Malicious code in seaport-core-16 (npm)
Package exfiltrates user info to a remote server via wget in test, preinstall, and preupdate scripts. Very few published versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be2cd9e6e61b20566214a0627d5923ec7cbe799e9757d25fd883f46616e5b58b The package...
CVE-2026-21012
External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege...