114 matches found
PT-2026-49775
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An environment variable injection exists where the STATE DIRECTORY variable in a workspace .env file can influence bundled runtime dependency roots. This allows attackers to manipulate STATE...
Unsafe Dependency Resolution
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
MAL-2026-4524 Malicious code in claude-content-writer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b38e69b148dc7998c9ab02fb5b6c2a90413a88129cf7db96b1c900e9c830f719 On npm install, the package's postinstall hook runs scripts/install-dependencies.sh, which performs git clone --depth 1...
Unsafe Dependency Resolution
Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the handling of protocol URLs or command-line options. An attacker can execute arbitrary local code by enticing a user to click a...
Unsafe Dependency Resolution
Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the runWidget function. An attacker can achieve arbitrary code execution by supplying crafted input that exploits path traversal to...
Unsafe Dependency Resolution
Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to improper validation of HTTPS certificates in the parser process. An attacker can inject or modify remote CSS content by performing a man-in-the-middle attack during stylesheet loading over HTTPS...
Unsafe Dependency Resolution
Overview ironic-python-agent is an Ironic Python Agent Ramdisk Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the grub-install process. An attacker can achieve code execution by providing a malicious partition image that is deployed and subsequently chrooted ...
CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass
Insufficient Verification of Data Authenticity vulnerability in hexpm hex Hex.RemoteConverger module allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked builds. However,...
Unsafe Dependency Resolution
Overview ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the ipmitool process when a non-default configuration enables a console interface. An attacker can execute unauthorized commands by leveraging access to the...
Unsafe Dependency Resolution
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the process that loads environment variables from workspace configuration. An attacker can execute arbitrary code with the privileges of the operator by...
Unsafe Dependency Resolution
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the OpenShell mirror mode that converts untrusted sandbox files into workspace hooks. An attacker can execute arbitrary code on the host system by providi...
Unsafe Dependency Resolution
Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the artifact creation process. An attacker can gain unauthorized access to sensitive credentials by extracting workflow artifacts containing the GITHUBTOKEN. Remediation Upgrade...
Unsafe Dependency Resolution
Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the artifact creation process. An attacker can gain unauthorized access to sensitive credentials by extracting workflow artifacts containing the GITHUBTOKEN. Remediation Upgrade...
Unsafe Dependency Resolution
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the authentication setup. An attacker can cause untrusted workspace plugins to be auto-enabled by leveraging non-interactive onboarding that selects a...
Unsafe Dependency Resolution
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
Unsafe Dependency Resolution
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution through the channel setup process. An attacker can execute arbitrary code by introducing a malicious workspace plugin that claims a bundled channel id, allowi...
Resources Downloaded over Insecure Protocol
Overview Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol through the dependency resolution of openapi-to-java-records-mustache-templates artifact that if compromised may include arbitrary .mustache files. An attacker can introduce and distribute...
Unsafe Dependency Resolution
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic plugin discovery in .openclaw/extensions/. An attacker can execute arbitrary code by including a malicious plugin in a cloned repository,...
Unsafe Dependency Resolution
Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to lack of verification or sandboxing in the StanfordSegmenter module, when unvalidated Java Archive JAR files...
Unsafe Dependency Resolution
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the shell-env process. An attacker can execute arbitrary binaries with the privileges of the affected process by influencing the $SHELL environment variab...