26 matches found
CVE-2026-41388 OpenClaw < 2026.3.31 - Configuration Rehydration via Empty-Array Revocation Handling
OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settings as missing values. Attackers can restart the application to rehydrate revoked Tlon configuration from file state, bypassing intended revocation controls...
GHSA-3PM9-5J7M-59VC OpenClaw: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config
Summary Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: v2026.3.28 startup migration still treats empty-array settings as missing and can rehydrate revoked Tlon config from file state afte...
OpenClaw: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config
Summary Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: v2026.3.28 startup migration still treats empty-array settings as missing and can rehydrate revoked Tlon config from file state afte...
CVE-2022-38475
An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox 104...
EUVD-2018-19275
Malware in sbrugna...
EUVD-2024-36196
Malicious code in bioql PyPI...
EUVD-2024-36203
Malicious code in bioql PyPI...
MAL-2025-27360 Malicious code in new-empty-array (npm)
The package new-empty-array was found to contain malicious code...
Malicious code in new-empty-array (npm)
The package new-empty-array was found to contain malicious code...
PT-2025-29027
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to the ASoC Advanced Linux Sound Architecture Intel audio subsystem. Specifically, the parse int array function does not adequately validate t...
MAL-2025-2307 Malicious code in empty-array-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 349e81874005a4e4ed11f5e452324e817f3fc61d4a22f5237445d562df83fb60 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in empty-array-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 349e81874005a4e4ed11f5e452324e817f3fc61d4a22f5237445d562df83fb60 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-36743
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service DoS when an empty array is processed with oneflow.dot...
CVE-2024-36732
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service DoS when an empty array is processed with oneflow.tensordot...
net: phy: fix phy_get_internal_delay accessing an empty array
...
CVE-2024-36732
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service DoS when an empty array is processed with oneflow.tensordot...
CVE-2024-36743
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service DoS when an empty array is processed with oneflow.dot...
CVE-2024-36743
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service DoS when an empty array is processed with oneflow.dot...
CVE-2024-36743
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service DoS when an empty array is processed with oneflow.dot...
CVE-2024-27047
A vulnerability was found in the Linux kernel's net driver phydevice.c in the phygetinternaldelay function, where a lack of proper checks can cause a potential NULL pointer dereference to occur when the function attempts to access an empty array. The error occurs if the driver calls...