12893 matches found

OSSF Malicious Packages
added 2026/03/20 11:44 a.m., 6 views

Malicious code in delphoi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72f68bb459a4772a75900ddec7e0a918b514f2211a2303aa80ef82252078e3b6 The package delphoi was found to contain malicious code. Source: ossf-package-analysis c15c8182b6e392861478887a08b04eb8fecc38b70000313dfaf1cad8ac8bc8...

5.8 AI score
Exploits: 0
OSV
added 2026/03/20 11:44 a.m., 4 views

MAL-2026-1998 Malicious code in delphoi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72f68bb459a4772a75900ddec7e0a918b514f2211a2303aa80ef82252078e3b6 The package delphoi was found to contain malicious code. Source: ossf-package-analysis c15c8182b6e392861478887a08b04eb8fecc38b70000313dfaf1cad8ac8bc8...

5.8 AI score
Exploits: 0
OSV
added 2026/03/20 11:41 a.m., 3 views

MAL-2026-1995 Malicious code in bic-seo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88b87b18acc3a062d6a79eb7fd959cbbfea586694cf6d918aac1ddacaa062518 The package bic-seo was found to contain malicious code. Source: ossf-package-analysis 7eeaff4f3318ed34f500a278b37ae6e39604797f0de8643056247dc4ab1ebc...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/03/20 11:41 a.m., 6 views

Malicious code in puzzle-gateway (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f27caad6b59388e38056a6d8624f8f7b19441cee52bd007d0e1b3678e36dd240 The package puzzle-gateway was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0
OSV
added 2026/03/20 11:41 a.m., 4 views

MAL-2026-1996 Malicious code in puzzle-gateway (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f27caad6b59388e38056a6d8624f8f7b19441cee52bd007d0e1b3678e36dd240 The package puzzle-gateway was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0
OSV
added 2026/03/20 11:41 a.m., 4 views

MAL-2026-1997 Malicious code in ty-web-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15f6d0a640d7d4323f1ef52969a6a259b9b6e3bacc2bf65f514cd618a00945a9 The package ty-web-session was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/03/20 11:41 a.m., 6 views

Malicious code in ty-web-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15f6d0a640d7d4323f1ef52969a6a259b9b6e3bacc2bf65f514cd618a00945a9 The package ty-web-session was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/03/20 7:5 a.m., 8 views

Malicious code in uipathisfun (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4128340804464a33ae1b20bb39d652bf1c658b63490cd97d45df609dabfd8f3f The package uipathisfun was found to contain malicious code. Source: ghsa-malware 5056a460c4d2ea98b9bc0090e9f7e81637ed9860f3b4befb1e8ab11df2248c73 An...

5.8 AI score
Exploits: 0, References: 1
CNNVD
added 2026/03/20 12:0 a.m., 6 views

AWStats Security Vulnerability

AWStats is a log analysis tool developed by eldy, an individual developer. This software supports the analysis of web site logs on all operating systems such as IIS 5.0 and Apache. It can analyze logs from web, WAP, proxy, streaming servers, FTP, and mail servers. AWStats 8.0 has a security...

7.8 CVSS, 5.7 AI score, 0.0007 EPSS
Exploits: 1, References: 3
Packet Storm News
added 2026/03/20 12:0 a.m., 0 views

Security of Binary-Modulated Optical Key Distribution against Quantum-Enhanced Coherent Eavesdropping

Optical key distribution OKD protects the physical layer of communication links by taking advantage of the inherent noise present in the photodetection process. It allows for efficient generation of a shared random key between two distant users which can subsequently be used for cryptographic...

5.8 AI score
Exploits: 0
Snyk
added 2026/03/19 10:45 p.m., 1 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the sp256getentry2569 function when compiled for RISC-V RV32I with GCC using the -O3 optimization flag. An attacker can recover secret keys by performing timing analysis on the side-channel leakage introduced by...

4.7 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/19 10:1 p.m., 1 views

CVE-2026-30873

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

2.4 CVSS, 5.7 AI score, 0.00025 EPSS
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2026/03/19 9:30 p.m., 5 views

EUVD-2026-13172

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

2.1 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/19 7:46 p.m., 3 views

CVE-2026-3580

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

2.1 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 0, References: 2
OSV
added 2026/03/19 8:42 a.m., 0 views

MAL-2026-1580 Malicious code in nflx-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3868ddb111f719ba68b77cb727004735968c277712508099e138028047b7fd55 The package nflx-release was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0
OSV
added 2026/03/19 7:25 a.m., 0 views

MAL-2026-1578 Malicious code in browser-gaming-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6192938bfd5be1cecf133866c6e290b57293bede88ca5b11d8af9aab40bae003 The package browser-gaming-client was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0
Github Security Blog
added 2026/03/19 3:30 a.m., 5 views

Duplicate Advisory: Exec allowlist wrapper analysis did not unwrap env/shell dispatch chains

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jj82-76v6-933r. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails...

8.8 CVSS, 5.9 AI score, 0.00101 EPSS
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2026/03/19 3:30 a.m., 2 views

GHSA-3846-MFVC-XWPF Duplicate Advisory: Exec allowlist wrapper analysis did not unwrap env/shell dispatch chains

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jj82-76v6-933r. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails...

7.1 CVSS, 5.9 AI score, 0.00101 EPSS
Exploits: 0, References: 4
OSV
added 2026/03/19 2:16 a.m., 3 views

CVE-2026-27566

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while...

8.8 CVSS, 6.1 AI score
Exploits: 0, References: 3
EUVD
added 2026/03/19 1:0 a.m., 2 views

EUVD-2026-13023

OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at...

8.8 CVSS, 5.9 AI score, 0.00095 EPSS
Exploits: 0, References: 4