
287 matches found

Nuclei
added 12 hours ago | 12 views

ChanCMS <= 3.3.0 - Server-Side Request Forgery

yanyutao0402 ChanCMS 3.3.0 contains a server-side request forgery caused by manipulation of the "taskUrl" argument in /cms/collect/getArticle, letting remote attackers make arbitrary requests, exploit requires no special privileges. id: CVE-2025-10211 info: name: ChanCMS = 3.3.0 - Server-Side...

CVSS 6.5 | AI score 6.7 | EPSS 0.00655
Exploits: 0 | References: 2

EUVD
added 15 hours ago | 3 views

EUVD-2025-210386

picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collect_env.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

CVSS 8.1 | AI score 5.9
Exploits: 0 | References: 3

OSSF Malicious Packages
added 6 days ago | 6 views

Malicious code in ref-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1 On npm install, the package's postinstall hook runs node test.js which invokes index.js to perform multi-stage installer compromise. 1 Credential...

AI score 5.9
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/netfs/readcollect: Added next-prevdonated. If multiple subrequests donate data to the same “next” request depending on the subrequest’s completion order, each of them will overwrite the prevdonated field, resulting in data...

CVSS 5.5 | AI score 5.9 | EPSS 0.00162
Exploits: 0 | References: 2

OSV
added 2026/06/17 7:9 p.m. | 5 views

MAL-2026-6075 Malicious code in opt-archetype-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...

AI score 5.9
Exploits: 0 | References: 2

OSV
added 2026/06/15 3:9 p.m. | 7 views

MAL-2026-5779 Malicious code in hemi-supply-cron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c41be27601d38eb5c0b527a9ec22b7516734e8eae985a2607ae6d70878f5f1d9 package.json declares a preinstall hook node postinstall.js that fires automatically on npm install. The script collects host identity os.hostname,...

AI score 5.4
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/06/15 3:9 p.m. | 8 views

Malicious code in ve-hemi-rewards (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8252216c6621e6391775d34f5e32815ab8c2a830df080fed52113b4cf855aa1 On npm install, the package's preinstall lifecycle invokes postinstall.js, which collects hostname, username, and current working directory, then...

AI score 5.3
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/06/14 7:30 a.m. | 14 views

Malicious code in npm-sandbox-ping-c8f2a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5401a81d56283c310efebfe29af19c3e3fa331667f40adeed71a54627adc877 Package declares a postinstall hook "postinstall": "node run.js" in package.json that executes on every install. Bundled scripts beacon6.js and...

AI score 5.5
Exploits: 0 | References: 2

OSV
added 2026/06/09 5:40 p.m. | 15 views

MAL-2026-5418 Malicious code in @nstrlabs/api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de7b47a7f81209dbbaff286599b46f4f030ff992b6d0c25d947cc84739b838d9 @nstrlabs/[email protected] is a hollow package whose only behavior is an install-time exfiltration beacon. package.json declares "preinstall": "node...

AI score 5.5
Exploits: 0 | References: 2

NVD
added 2026/05/05 12:16 p.m. | 25 views

CVE-2026-43535

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...

CVSS 8.1 | EPSS 0.0022
Exploits: 0 | References: 3

EUVD
added 2026/05/05 11:25 a.m. | 7 views

EUVD-2026-27281

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...

CVSS 7.6 | AI score 5.9 | EPSS 0.0022
Exploits: 0 | References: 3

CVE
added 2026/05/05 11:25 a.m. | 20 views

CVE-2026-43535

OpenClaw (prior to 2026.4.14) contains an authorization context reuse vulnerability in collect-mode queue batches. The flaw lets messages from different senders inherit the final sender’s authorization context, enabling an attacker to drain batches by injecting multiple queued messages and have e...

CVSS 8.1 | AI score 5.9 | EPSS 0.0022
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/05/05 11:25 a.m. | 3 views

CVE-2026-43535

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...

CVSS 7.6 | AI score 5.9 | EPSS 0.0022
Exploits: 0 | References: 4

Vulnrichment
added 2026/05/05 11:25 a.m. | 5 views

CVE-2026-43535 OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...

CVSS 7.6 | AI score 5.9 | EPSS 0.0022
Exploits: 0 | References: 3

Cvelist
added 2026/05/05 11:25 a.m. | 48 views

CVE-2026-43535 OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...

CVSS 7.6 | EPSS 0.0022
Exploits: 0 | References: 3

OSV
added 2026/04/17 9:35 p.m. | 5 views

GHSA-JWRQ-8G5X-5FHM OpenClaw: Collect-mode queue batches could reuse the last sender authorization context

Summary Collect-mode queue batches could reuse the last sender authorization context. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact Collect-mode queued messages from different senders could be drained as one batch using the final sender'...

CVSS 6.8 | AI score 5.7 | EPSS 0.0022
Exploits: 0 | References: 6

Github Security Blog
added 2026/04/17 9:35 p.m. | 11 views

OpenClaw: Collect-mode queue batches could reuse the last sender authorization context

Summary Collect-mode queue batches could reuse the last sender authorization context. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact Collect-mode queued messages from different senders could be drained as one batch using the final sender'...

CVSS 8.1 | AI score 5.7 | EPSS 0.0022
Exploits: 0 | References: 6 | Affected Software: 1

Snyk
added 2026/04/17 9:35 p.m. | 4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization when handling collect-mode queue batches, where messages from different senders could be processed together using the authorization context of the final sender. An...

CVSS 8.1 | AI score 5.7 | EPSS 0.0022
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/17 12:0 a.m. | 11 views

PT-2026-37020

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.14 Description An authorization context reuse issue exists in collect-mode queue batches. This allows messages from different senders to inherit the authorization context of the final sender. An attacker can...

CVSS 7.6 | AI score 5.8 | EPSS 0.0022
Exploits: 0 | References: 7

OSSF Malicious Packages
added 2026/04/16 9:50 a.m. | 10 views

Malicious code in collect-rangers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2032d1a91a275e0d014941f9efbffde4e402db99abfb381c36335c75f7f78902 The package collect-rangers was found to contain malicious code...

AI score 5.7
Exploits: 0