GHSA-392F-GGF5-FP3C OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists

Summary A paired node could supply Unicode-confusable platform or deviceFamily metadata that passed metadata pinning but classified differently for command policy resolution, broadening default node command allowlists. Impact This is a policy-bypass issue within the paired-node trust boundary and...

MAL-2025-190740 Malicious code in @ensdomains/unicode-confusables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f25465205590fbceb2bb8ae1db02fd1e80f8d085af135427cd757a3b08a1da6 The package @ensdomains/unicode-confusables was found to contain malicious code. Source: ghsa-malware...

Malicious code in @ensdomains/unicode-confusables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f25465205590fbceb2bb8ae1db02fd1e80f8d085af135427cd757a3b08a1da6 The package @ensdomains/unicode-confusables was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-198797

Malicious code in @ensdomains/unicode-confusables npm...

Linux Distros Unpatched Vulnerability : CVE-2018-6102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox URL...

uriDeep - Unicode Encoding Attacks With Machine Learning

Unicode encoding attacks with machine learning. Tool based on machine learning to create amazing fake domains using confusables. Some domains can deceive IDN policies Chrome & Firefox. I created the best big dictionary of confusables using neural networks. It is used in the tool and it can be...