9 matches found
Malicious code in hpsetup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ed0c34d69e1ea3c5052e3eed20b87fc47e8d4bf1393f7117d34b847347e12c When npx hpsetup runs, the tool fetches a tarball from https://hpsetup-cdn.932324.xyz/api/tarball//?key= and extracts it directly into...
CVE-2026-41349 OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch
OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent...
GHSA-F9G8-6PPC-PQQ4 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL
Summary Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions ...
EUVD-2022-0986
Malicious code in bioql PyPI...
OpenBao allows cancellation of root rekey and recovery rekey operations without authentication
Impact OpenBao and HashiCorp Vault allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of service. Patches In OpenBao v2.2.2 and later, manually setting the configuration option disableunauthedrekeyendpoints=true...
GHSA-PRPJ-RCHP-9J5H OpenBao allows cancellation of root rekey and recovery rekey operations without authentication
Impact OpenBao and HashiCorp Vault allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of service. Patches In OpenBao v2.2.2 and later, manually setting the configuration option disableunauthedrekeyendpoints=true...
CVE-2025-52894
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...
GHSA-C9PR-Q8GX-3MGP Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`
Impact The Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener e.g. xdg-open on Linux. This was meant to be restricted to a reasonable number of protocols like htt...
openSUSE Security Update : phpMyAdmin (openSUSE-2012-18)
update to 3.4.9 - bug 3442028 edit Inline editing enum fields with null shows no dropdown - bug 3442004 interface DB suggestion not correct for user with underscore - bug 3438420 core Magic quotes removed in PHP 5.4 - bug 3398788 session No feedback when result is empty signon authtype - bug...