Lucene search
K

98 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 8:35 p.m.8 views

Malicious code in pdf-converter-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3a5f6d1d39c20feca11d0129f0efa21bdf564586045555b756cc25bce73efc Package is advertised as a PDF converter but contains no PDF generation code. Its sole public method TXTtoPDFConverter.createpdftxtpath, pdfpath is...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/26 8:35 p.m.7 views

MAL-2026-6541 Malicious code in pdf-converter-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3a5f6d1d39c20feca11d0129f0efa21bdf564586045555b756cc25bce73efc Package is advertised as a PDF converter but contains no PDF generation code. Its sole public method TXTtoPDFConverter.createpdftxtpath, pdfpath is...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-57344

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions prior to 2.2.5 Description The software fails to redact sensitive information when returning resource objects. Authenticated administrators or Personal Access Tokens PAT with nezha:ddns:read or nezha:notification:read...

6.9CVSS6.1AI score0.00304EPSS
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/20 7:24 p.m.11 views

Malicious code in d0rk3r (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cbc673402f814b065eadc8be2641d761d482c30722fdd8e6b1b7522fde2f478 d0rk3r 1.0.5 is advertised as a Shodan IP scraper with proxy rotation, but the sdist ships no Python source — only LICENSE, README, pyproject.toml,...

6AI score
Exploits0References17
OSV
OSV
added 2026/06/20 7:8 p.m.10 views

MAL-2026-6244 Malicious code in d0rk3r-telemetry (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da4542d225ef144ecc5df2f578104ffc12659196c57b2214ecb54f60620601c6 On import d0rk3rtelemetry, the package spawns a background thread that reads installer-owned secrets and POSTs them to an attacker-controlled endpoin...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/20 7:8 p.m.16 views

Malicious code in d0rk3r-telemetry (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da4542d225ef144ecc5df2f578104ffc12659196c57b2214ecb54f60620601c6 On import d0rk3rtelemetry, the package spawns a background thread that reads installer-owned secrets and POSTs them to an attacker-controlled endpoin...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/20 6:47 p.m.8 views

MAL-2026-6245 Malicious code in request-cache-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's init.py starts a background...

6.1AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/20 6:47 p.m.10 views

Malicious code in request-cache-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's init.py starts a background...

6.1AI score
Exploits0References12
OSV
OSV
added 2026/05/11 10:36 a.m.11 views

MAL-2026-3426 Malicious code in mpkg123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 df9e0498d827adeb16ea11e4a1137133d2124f039942b776f7ac098a257cd164 If executed as a module, the obfuscated code collects and exfiltrates sensitive data, including passwords saved in a browser. --- Category: MALICIOUS - The...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/11 10:36 a.m.9 views

Malicious code in mpkg123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 df9e0498d827adeb16ea11e4a1137133d2124f039942b776f7ac098a257cd164 If executed as a module, the obfuscated code collects and exfiltrates sensitive data, including passwords saved in a browser. --- Category: MALICIOUS - The...

5.9AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/10 12:30 a.m.8 views

Duplicate Advisory: OpenClaw: Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vcx4-4qxg-mfp4. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allo...

6.5CVSS5.7AI score0.00287EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/10 12:30 a.m.10 views

GHSA-R4C2-GQ3J-7RPJ Duplicate Advisory: OpenClaw: Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vcx4-4qxg-mfp4. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allo...

6.3CVSS5.7AI score0.00287EPSS
Exploits0References4
NVD
NVD
added 2026/04/09 10:16 p.m.8 views

CVE-2026-35628

OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without throttling, permitting attackers to systematically guess webhook...

6.5CVSS0.00287EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:27 p.m.5 views

CVE-2026-35628

OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without throttling, permitting attackers to systematically guess webhook...

6.3CVSS5.9AI score0.00287EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/09 9:27 p.m.25 views

CVE-2026-35628 OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Telegram Webhook Rate Limiting

OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without throttling, permitting attackers to systematically guess webhook...

6.3CVSS0.00287EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 9:27 p.m.18 views

CVE-2026-35628

Technical details about CVE-2026-35628 are not publicly provided in the supplied documents. Monitor for updates.

6.5CVSS5.9AI score0.00287EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 9:27 p.m.6 views

CVE-2026-35628 OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Telegram Webhook Rate Limiting

OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without throttling, permitting attackers to systematically guess webhook...

6.3CVSS5.8AI score0.00287EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.8 views

PT-2026-31764

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.25 Description OpenClaw contains a missing rate limiting issue in Telegram webhook authentication. This allows attackers to brute-force weak webhook secrets by repeatedly guessing without throttling. The...

6.3CVSS5.8AI score0.00287EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained a security vulnerability. This vulnerability stemmed from the lack of rate limiting in Telegram Webhook authentication, which could lead to brute-force attacks...

6.5CVSS5.8AI score0.00287EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/29 3:30 p.m.3 views

EUVD-2026-17020

OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory consumption, socket...

8.7CVSS5.9AI score0.00531EPSS
Exploits0References4
Rows per page
Query Builder