Malicious code in @tinyfox/shapecheck (npm)

@tinyfox/shapecheck malicious version 0.8.7, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

MAL-2026-6312 Malicious code in @tinyfox/shapecheck (npm)

@tinyfox/shapecheck malicious version 0.8.7, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: fixed a possible memory leak in smb2lock. argv needs to be freed when setupasyncwork fails, or when the current process is awakened...

Astra Linux – Vulnerability in Composer

Composer is a dependency manager for PHP. Users who publish a composer.phar file to a publicly accessible web server where the file can be executed as a PHP file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions 2.6.4, 2.2.22, an...

CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

UBUNTU-CVE-2026-46023

In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...

EUVD-2026-31843

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

EUVD-2026-31949

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

net/rsync -- multiple vulnerabilities

The rsync project reports: Six CVEs are fixed in this release. All six are assigned by VulnCheck as CNA. Affected versions are 3.4.2 and earlier in every case. In addition to the six CVE fixes, this release adds defence-in-depth hardening on several adjacent paths: bounded wire-supplied counts an...

CVE-2026-42435

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

CVE-2026-42435

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

CVE-2026-42435 OpenClaw 2026.2.22 < 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable Assignment Injection

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

EUVD-2026-27253

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

GHSA-J6C7-3H5X-99G9 OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms

Summary Shell-wrapper detection missed env-argv assignment injection forms. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.22 = 2026.4.12 Impact Exec preflight handling missed shell-wrapper and argv-level environment assignment forms that could...

PT-2026-37007

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.22 through 2026.4.11 Description Insufficient shell-wrapper detection allows attackers to inject environment variable assignments at the argv level. This enables the bypass of exec preflight handling to manipulate...

CVE-2026-29608

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

CVE-2026-32065

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

DEBIAN-CVE-2026-33247

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv the command-line, then those credentials are visible to any user who can see the...

UBUNTU-CVE-2026-33247

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv the command-line, then those credentials are visible to any user who can see the...