54 matches found
CVE-2026-44116
OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthoriz...
OpenClaw server-side request forgery vulnerability (CNVD-2026-19639)
OpenClaw is an open-source artificial intelligence assistant from OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that can be exploited by an attacker to gain unauthorized access to internal resources by providing a malicious photo URL to the Zalo Bot API to bypass SSRF...
EUVD-2026-28197
OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthoriz...
OpenClaw code issue vulnerability
OpenClaw is an open-source artificial intelligence assistant from OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that can be exploited by an attacker to gain unauthorized access to internal resources by providing a malicious photo URL to the Zalo Bot API to bypass SSRF...
PT-2026-38249
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.22. Description: A server-side request forgery (SSRF) issue exists in the Zalo plugin. The sendPhoto function fails to validate outbound photo URLs through the SSRF guard. This allows attackers to bypass protectio...
CVE-2026-7701
A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...
CVE-2026-7701 Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference
A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...
CVE-2026-7701 Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference
A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...
CVE-2026-7701
Telegram Desktop
PT-2026-36705
Name of the Vulnerable Software and Affected Versions: Telegram Desktop versions prior to 6.7.6. Description: A null pointer dereference (a condition where a program attempts to read from a memory address that is null, typically causing a crash) can be triggered remotely in the Bot API component. The...
Malicious Package
Overview: polymarket-trade-bot-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-1206 Malicious code in polymarket-trade-bot-api (npm)
Source: amazon-inspector 1202bbcaa78670992217c3ebaa55bb6edc17c6cb454209114639b680032d068f The package polymarket-trade-bot-api was found to contain malicious code. Source: ghsa-malware...
MAL-2025-49255 Malicious code in custom-telegram-bot-api (npm)
Source: amazon-inspector efed332de627322e3b4c8adc27a889238eb809493e86244e15d96e7b6e45dd87 The package custom-telegram-bot-api was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-37255
Malicious code in custom-telegram-bot-api npm...
Malicious Package
Overview: custom-telegram-bot-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
EUVD-2016-5425
Malware in sbrugna...
EUVD-2024-50067
Malicious code in bioql PyPI...
EUVD-2024-50065
Malicious code in bioql PyPI...
EUVD-2024-50091
Malicious code in bioql PyPI...
CVE-2024-9685
The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftbtestaction' function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and...