57 matches found
MAL-2026-6446 Malicious code in base62-86x (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 811002816e7f72588c7c6540b088af5c44b8280574e43dbaeef4701fe377fe9f Package impersonates the legitimate base-x/base62 library by Daniel Cousens name base62-86x, homepage pointing at cryptocoinjs/base-x, identical sour...
CVE-2026-44116
OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthoriz...
OpenClaw server-side request forgery vulnerability (CNVD-2026-19639)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that can be exploited by an attacker to gain unauthorized access to internal resources by providing a malicious photo URL to the Zalo Bot API to bypass SSRF...
EUVD-2026-28197
OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthoriz...
CVE-2026-44116 OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation
OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthoriz...
PT-2026-38249
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.22 Description A server-side request forgery SSRF issue exists in the Zalo plugin. The sendPhoto function fails to validate outbound photo URLs through the SSRF guard. This allows attackers to bypass protectio...
OpenClaw 代码问题漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that can be exploited by an attacker to gain unauthorized access to internal resources by providing a malicious photo URL to the Zalo Bot API to bypass SSRF...
CVE-2026-7701
A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...
CVE-2026-7701 Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference
A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...
CVE-2026-7701 Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference
A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...
CVE-2026-7701
Telegram Desktop
PT-2026-36705
Name of the Vulnerable Software and Affected Versions Telegram Desktop versions prior to 6.7.6 Description A null pointer dereference a condition where a program attempts to read from a memory address that is null, typically causing a crash can be triggered remotely in the Bot API component. The...
Malicious Package
Overview polymarket-trade-bot-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-1206 Malicious code in polymarket-trade-bot-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1202bbcaa78670992217c3ebaa55bb6edc17c6cb454209114639b680032d068f The package polymarket-trade-bot-api was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-37255
Malicious code in custom-telegram-bot-api npm...
Malicious Package
Overview custom-telegram-bot-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
MAL-2025-49255 Malicious code in custom-telegram-bot-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efed332de627322e3b4c8adc27a889238eb809493e86244e15d96e7b6e45dd87 The package custom-telegram-bot-api was found to contain malicious code. Source: ghsa-malware...
EUVD-2016-5425
Malware in sbrugna...
EUVD-2024-50067
Malicious code in bioql PyPI...
EUVD-2024-50065
Malicious code in bioql PyPI...