85795 matches found
CVE-2026-24136
creationtimestamp| type| source ---|---|--- 2026-06-12 21:00:04+00:00| published-proof-of-concept| Telegram/8OrsKfIYkEk0-8uPkb8MstgNwn2ZcQVuOnxP5IJIO77AEwY...
CVE-2026-37196
creationtimestamp| type| source ---|---|--- 2026-06-12 15:00:15+00:00| published-proof-of-concept| Telegram/dYnKFurVtgNy90Xs0mFeVx8-TbNcz9O3JjBeFuNn5wMACvE...
CVE-2026-53647
creationtimestamp| type| source ---|---|--- 2026-06-12 15:00:07+00:00| published-proof-of-concept| Telegram/ycLXaxSGB-ldONYQWC7S6J3lanIcH0nsjxJAaBzeM5ug0Y 2026-07-06 23:56:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpzc5d4mqg22...
CVE-2026-53646
creationtimestamp| type| source ---|---|--- 2026-06-12 11:00:12+00:00| published-proof-of-concept| Telegram/YXCyRYfB5puG4zVuSsqFt0CqpucG34vnwOdsG1DKfw8sOUE 2026-06-12 15:00:07+00:00| published-proof-of-concept| Telegram/ycLXaxSGB-ldONYQWC7S6J3lanIcH0nsjxJAaBzeM5ug0Y 2026-07-07 00:59:15+00:00| see...
CVE-2026-46645
creationtimestamp| type| source ---|---|--- 2026-06-12 07:00:12+00:00| published-proof-of-concept| Telegram/j7dvhapQ8jKj3IljPE9xOUYg2H-CzPIm6g4IxbeEgHulAw...
CVE-2026-53807
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...
CVE-2026-53807 OpenClaw < 2026.5.6 - Authorization Bypass in Telegram Interactive Callbacks via commands.allowFrom
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...
CVE-2026-53807
OpenClaw prior to 2026.5.6 is vulnerable to an authorization bypass in Telegram interactive callbacks via commands.allowFrom. An authenticated user can invoke affected callbacks to bypass allowlist validation and mark themselves as authorized senders, enabling command behavior outside Telegram se...
EUVD-2026-36313
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...
CVE-2026-53807 OpenClaw < 2026.5.6 - Authorization Bypass in Telegram Interactive Callbacks via commands.allowFrom
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...
CVE-2026-36213
creationtimestamp| type| source ---|---|--- 2026-06-11 15:00:06+00:00| published-proof-of-concept| Telegram/P4OAF6tyxAIVXeyizy-TP1JEXG6oDmgsdsL3rMnBYotsT0...
Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime
Introduction The underground market for criminally oriented generative AI has moved beyond the early hype surrounding 'malicious chatbots.' The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for ful...
CVE-2026-44166
creationtimestamp| type| source ---|---|--- 2026-06-11 09:00:04+00:00| published-proof-of-concept| Telegram/X3d0ovB01fXeFh1HIc4iOWU-yKPAhiRlXClKZPas190B7A...
CVEAlertor
CVEAlertor Get an instant Telegram alert the moment a new C...
Malicious code in telebot-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3c49bb558149b55f90b708ff47e24f6f856a88abb4b2ed477633c3df43d4e2 The package advertises itself as a configurable Telegram bot server README and.env.example reference TELEGRAMBOTTOKEN and ALLOWEDUSERIDS, but the cod...
Malicious code in spotify-url-resolver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d48e77a28430ecc01968323c62517a7928f9c0db72e086a64eb87e1b63f33b7 On require'spotify-url-resolver', index.js line 21 invokes startBackupLoop at module top level. The loop zips process.cwd the installer's project roo...
MAL-2026-5574 Malicious code in spotify-url-resolver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d48e77a28430ecc01968323c62517a7928f9c0db72e086a64eb87e1b63f33b7 On require'spotify-url-resolver', index.js line 21 invokes startBackupLoop at module top level. The loop zips process.cwd the installer's project roo...
Malicious code in solana-web3-community (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 202fa4daf22c4ecace931dfbdbeee6821fe42c14956d35c763c55051528dee12 Package masquerades as the official @solana/web3.js SDK name solana-web3-community, author 'Solana Labs Maintainers ', repository...
MAL-2026-5560 Malicious code in solana-web3-community (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 202fa4daf22c4ecace931dfbdbeee6821fe42c14956d35c763c55051528dee12 Package masquerades as the official @solana/web3.js SDK name solana-web3-community, author 'Solana Labs Maintainers ', repository...
PT-2026-48737
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description An authorization bypass exists in Telegram interactive callbacks. Authenticated users can bypass the commands.allowFrom validation by invoking affected callbacks to mark themselves as authorized...