3 matches found
Malicious code in animatecss-postcss-plugin (npm)
Source: amazon-inspector 6be12cec08d0999c157774b746c3e431825ae61635bb8ddddf36061d4602cec7 [email protected] ships a tiny PostCSS plugin factory whose body contains an obfuscator.io-style string-array + RC4 decoder functions...
EUVD-2026-26082
OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGO_BUILD_RUSTC, and CMAKE_C_COMPILER via environment overrides. Attackers with approved host-exec requests c...
golang: cmd/go: line directives allows arbitrary execution during build
A flaw was found in the golang cmd/go standard library. A line directive "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running "go...