143 matches found
Malicious code in ml2000 (PyPI)
Source: amazon-inspector 871b57a598bf1230a64fa6ee85d442eb30f21915176835801871dc46c59cedf6 On invoking the ml2000 CLI with no arguments, interactivemenu in src/mllabs/generator.py writes a batch file and launches it via...
MAL-2026-4756 Malicious code in ml2000 (PyPI)
Source: amazon-inspector 871b57a598bf1230a64fa6ee85d442eb30f21915176835801871dc46c59cedf6 On invoking the ml2000 CLI with no arguments, interactivemenu in src/mllabs/generator.py writes a batch file and launches it via...
CVE-2026-31999
OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in wrapper resolution for .cmd/.bat files that allows attackers to influence execution behavior through cwd manipulation. Remote attackers can exploit improper shell execution...
Investigating a New Click-Fix Variant
Disclaimer: This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and observations of the current threat landscape available at the time of publication. The content...
PT-2026-26235
Summary: On Windows, the Lobster extension previously retried certain spawn failures (ENOENT/EINVAL) with shell: true for wrapper compatibility. In that fallback path, tool-provided arguments could be interpreted by cmd.exe if fallback was triggered. Affected Packages / Versions - Package: openclaw...
MajorDoMo Remote Command Injection / Race Condition
This Metasploit module exploits an unauthenticated command injection vulnerability in MajorDoMo's remote command handler rc/index.php. The param parameter is interpolated into double quotes without escapeshellarg, and the resulting string is passed to safeexec which inserts it into the safeexecs...
Unauthorized Code Execution
nbconvert is vulnerable to unauthorized code execution. The vulnerability is due to improper handling of SVG-to-PDF conversion on Windows where a malicious inkscape.bat file in the working directory can be executed, which allows an attacker to run arbitrary code when a user performs the conversio...
PYSEC-2026-113
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...
[SECURITY] Fedora 42 Update: sad-0.4.32-4.fc42
Space Age seD - Batch File Edit tool. It will show you a really nice diff of proposed changes before you commit them...
[SECURITY] Fedora 43 Update: sad-0.4.32-4.fc43
Space Age seD - Batch File Edit tool. It will show you a really nice diff of proposed changes before you commit them...
CVE-2025-13818
Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent...
CVE-2025-13818
Summary: CVE-2025-13818 is a local privilege escalation in the Windows version of ESET Management Agent due to insecure temporary batch file execution. Affected software: ESET Management Agent (Windows). Vulnerability: Local exploit via insecure handling of temporary batch files that can escalate...
EUVD-2025-206890
Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent...
CVE-2025-13818 Local privilege escalation in ESET Management Agent for Windows
Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent...
PT-2026-6723
Name of the Vulnerable Software and Affected Versions: ESET Management Agent (affected versions not specified). Description: A local privilege escalation issue exists due to insecure temporary batch file execution. This allows for potential unauthorized access to system resources. Recommendations: At t...
GHSA-M3C4-PRHW-MRX6 Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass
Summary: A prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path's extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and therefore can be bypassed when the extension uses alternate casing for...