MAL-2026-928 Malicious code in polyutil (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 31a0fc68eee0841a78740fd3e3748171612b871b58bf9f3e52b4fa35bed64774 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

PT-2026-20785

Name of the Vulnerable Software and Affected Versions filippo.io/edwards25519 versions 1.1.0 and earlier Description The filippo.io/edwards25519 Go library, used for edwards25519 elliptic curve cryptography, has an issue where the MultiScalarMult function produces incorrect results or undefined...

Malicious code in ethereum-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f139611e5bee8bd888911afc42c4e762ba55dc37cb142d92fe4203209f917600 The package ethereum-lint was found to contain malicious code. Source: ghsa-malware d4db9b610771f0e6a14c8e5de6545323a4041420731492b2265b31ec14fdaa3b...

SUSE CVE-2020-37167

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...

The Rise of AI Agent Communities: Large-Scale Analysis of Discourse and Interaction on Moltbook

Moltbook is a Reddit-like social platform where AI agents create posts and interact with other agents through comments and replies, offering a real-world setting to examine agent-to-agent communication at scale. Using a public API snapshot collected about five days after launch 122,438 posts, we...

CVE-2020-37167

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...

CVE-2020-37167

CVE-2020-37167 affects ClamAV before 0.103.0-rc, where the ClamBC bytecode interpreter mishandles function name processing due to weak input validation in function name encoding. This can allow manipulation of bytecode function names and potentially execute malicious bytecode or cause unexpected ...

MAL-2026-941 Malicious code in ether-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91fd63bfdad336609f23485d2ef2ac2140053efbfb31aa2bec1811be7139db95 The package ether-lint was found to contain malicious code. Source: ghsa-malware c8e14ef98aaca0dc035a27f9edd6286e29e73d16c2b4e7c98ab1afe1e4740e35 Any...

Incorrect Behavior Order: Validate Before Canonicalize

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the splitPos function. An attacker can cause unintended script execution by crafting a request path containing specific multi-byte Unicode characters, which manipulates the...

Incorrect Behavior Order: Validate Before Canonicalize

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the splitPos function. An attacker can cause unintended script execution by crafting a request path containing specific multi-byte Unicode characters, which manipulates the...

MalTool: Malicious Tool Attacks on LLM Agents

In a malicious tool attack, an attacker uploads a malicious tool to a distribution platform; once a user installs the tool and the LLM agent selects it during task execution, the tool can compromise the user's security and privacy. Prior work primarily focuses on manipulating tool names and...

K000159974: OpenSSL vulnerability CVE-2025-15469

Security Advisory Description Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such ...

DigitalVolcano TextCrawler Pro 安全漏洞

DigitalVolcano TextCrawler Pro is a batch text search and replacement tool developed by the British company DigitalVolcano. Version 3.1.1 of DigitalVolcano TextCrawler Pro contains a security vulnerability caused by a buffer overflow in the license key field, which may lead to the application...

Craft CMS Vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior

Relationship to Previously Patched Vulnerability This vulnerability is in addition to the RCE vulnerability patched in GHSA-255j-qw47-wjh5. That advisory addressed a similar RCE vulnerability that affected two specific routes: - /index.php?p=admin%2Factions%2Ffields%2Fapply-layout-element-setting...

GHSA-7JX7-3846-M7W7 Craft CMS Vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior

Relationship to Previously Patched Vulnerability This vulnerability is in addition to the RCE vulnerability patched in GHSA-255j-qw47-wjh5. That advisory addressed a similar RCE vulnerability that affected two specific routes: - /index.php?p=admin%2Factions%2Ffields%2Fapply-layout-element-setting...

CVE-2026-25498

Craft CMS versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21 contain a Remote Code Execution (RCE) flaw in assembleLayoutFromPost() where user-supplied configuration data is not sanitized before passing to Craft::createObject(). This allows authenticated administrators to inject mali...

CVE-2026-25498 Craft has a potential authenticated Remote Code Execution via malicious attached Behavior

Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a Remote Code Execution RCE vulnerability exists in Craft CMS where the assembleLayoutFromPost function in src/services/Fields.php fails to sanitize user-supplied configuratio...

CVE-2026-25498 Craft has a potential authenticated Remote Code Execution via malicious attached Behavior

Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a Remote Code Execution RCE vulnerability exists in Craft CMS where the assembleLayoutFromPost function in src/services/Fields.php fails to sanitize user-supplied configuratio...

PT-2026-7148

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.16.17 Craft CMS versions 5.0.0-RC1 through 5.8.21 Description A Remote Code Execution RCE vulnerability exists in Craft CMS where the assembleLayoutFromPost function in src/services/Fields.php does not...

Empirical Evaluation of SMOTE in Android Malware Detection with Machine Learning: Challenges and Performance in CICMalDroid 2020

Malware, malicious software designed to damage computer systems and perpetrate scams, is proliferating at an alarming rate, with thousands of new threats emerging daily. Android devices, prevalent in smartphones, smartwatches, tablets, and IoTs, represent a vast attack surface, making malware...