
10 matches found

OSV
added 2026/06/11 7:16 a.m., 8 views

MAL-2026-5590 Malicious code in 0x2ai-demo3 (npm)

Source: amazon-inspector a36d5f023e4740169d1e1e7a56ebe32552cfdc4a05bf50ecc0b648ecea502c0d On npm install, scripts/postinstall.cjs copies the entire payload/ tree into process.env.INITCWD the directory the developer ran the install from usi...

5.5 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/06/11 7:16 a.m., 11 views

Malicious code in 0x2ai-demo8x (npm)

Source: amazon-inspector f6d1ce2d7b8faa5bde122eb2bc6e0a79fec5f5720cfa7de0718a0c8948b344d6 On npm install, scripts/postinstall.cjs copies the package's payload/ tree into INITCWD the consumer's project root using fs.cpSync,...

5.5 AI score
Exploits: 0, References: 1
OSV
added 2026/06/11 7:16 a.m., 11 views

MAL-2026-5596 Malicious code in 0x2ai-demo8x (npm)

Source: amazon-inspector f6d1ce2d7b8faa5bde122eb2bc6e0a79fec5f5720cfa7de0718a0c8948b344d6 On npm install, scripts/postinstall.cjs copies the package's payload/ tree into INITCWD the consumer's project root using fs.cpSync,...

5.5 AI score
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 7:10 p.m., 11 views

CVE-2026-35589

nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to...

9.3 CVSS, 5.5 AI score, 0.0016 EPSS
Exploits: 1, References: 1
NVD
added 2026/04/14 11:16 p.m., 5 views

CVE-2026-35589

nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to...

9.3 CVSS, 0.0016 EPSS
Exploits: 1, References: 2
Cvelist
added 2026/03/05 9:59 p.m., 29 views

CVE-2026-28468 OpenClaw 2026.1.29-beta.1 < 2026.2.14 - Authentication Bypass in Sandbox Browser Bridge Server

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.14 contain a vulnerability in the sandbox browser bridge server in which it accepts requests without requiring gateway authentication, allowing local attackers to access browser control endpoints. A local attacker can enumerate tabs, retrieve...

8.5 CVSS, 0.00142 EPSS
Exploits: 0, References: 5
Vulnrichment
added 2026/03/05 9:59 p.m., 1 views

CVE-2026-28468 OpenClaw 2026.1.29-beta.1 < 2026.2.14 - Authentication Bypass in Sandbox Browser Bridge Server

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.14 contain a vulnerability in the sandbox browser bridge server in which it accepts requests without requiring gateway authentication, allowing local attackers to access browser control endpoints. A local attacker can enumerate tabs, retrieve...

8.5 CVSS, 5.8 AI score, 0.00142 EPSS
Exploits: 0, References: 5
CVE
added 2026/03/05 9:59 p.m., 15 views

CVE-2026-28468

OpenClaw: A sandbox browser bridge server vulnerability in versions 2026.1.29-beta.1 prior to 2026.2.14 allows local attackers to bypass gateway authentication and access browser control endpoints. A local attacker can enumerate tabs, retrieve WebSocket URLs, execute JavaScript, and exfiltrate co...

8.5 CVSS, 6 AI score, 0.00142 EPSS
Exploits: 0, References: 5, Affected Software: 1
vulnersOsv
added 2018/07/24 8:0 p.m., 4 views

anvil-connect (>=0.1.0 <=0.1.39), anvil-connect-jwt (>=0.1.0 <=0.1.2) +49 more potentially affected by CVE-2017-16021 via uri-js (>=1.4.2 <=2.1.1)

uri-js NPM version =1.4.2, =0.1.0, =0.1.0, =0.1.0, =0.2.12, =1.15.0, =0.1.0, =0.1.2, =0.4.2, =1.0.0, =0.0.1, =1.0.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2017-16021 Source advisory: OSV:GHSA-333W-RXJ3-F55R...

6.8 CVSS, 6.5 AI score, 0.01342 EPSS
Exploits: 1
Metasploit
added 2017/01/07 3:51 a.m., 23 views

Hardware Bridge Server

This module sets up a web server to bridge communications between Metasploit and physically attached hardware. Currently this module supports: automotive. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework TODO: SSL...

7.2 AI score
Exploits: 0