27 matches found
EUVD-2026-26082
OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGO_BUILD_RUSTC, and CMAKE_C_COMPILER via environment overrides. Attackers with approved host-exec requests c...
EUVD-2015-6861
Malware in sbrugna...
EUVD-2011-3513
Malware in sbrugna...
EUVD-2014-1137
Malware in sbrugna...
EUVD-2024-52814
Malicious code in bioql PyPI...
EUVD-2024-50376
Malicious code in bioql PyPI...
NewStart CGSL MAIN 7.02 : python3.11 Multiple Vulnerabilities (NS-SA-2025-0109)
The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by multiple vulnerabilities: - A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly,...
CVE-2025-46733
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that...
TencentOS Server 4: python3.11 (TSSA-2024:0758)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0758 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Pornhub, RedTube, and YouPorn block access in France, VPN use set to soar
VPNs (Virtual Private Networks) are suddenly popular in France. Not because France has suddenly become super privacy conscious, but because Pornhub, RedTube, and YouPorn have blocked access in France. But why? Last year, France enacted a law mandating that pornographic sites implement stricter...
CVE-2025-30165
A flaw was found in vLLM's multi-node configuration, which is vulnerable to remote code execution due to unsafe deserialization using pickle over a ZeroMQ SUB socket. If the primary vLLM host is compromised, attackers can escalate privileges and execute arbitrary code on connected secondary hosts...
Medium: python3.9
Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 A...
RockyLinux 9 : python3.12 (RLSA-2024:10978)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10978 advisory. python: Virtual environment (venv) activation scripts don't quote paths (CVE-2024-9287) python: Unbounded memory buffering in...
USN-7348-1: Python vulnerabilities
It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private” or “globally reachable”. This could possibly result in applications applying incorrect security policies. This issue only affected Ubuntu 14.04 LTS and Ubuntu...
CVE-2022-49432
In the Linux kernel, the following vulnerability has been resolved: powerpc/xics: fix refcount leak in icp_opal_init(). The of_find_compatible_node() function returns a node pointer with refcount incremented, use of_node_put() on it when done...
CVE-2023-6544 Keycloak: authorization bypass
A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic...
Aligning to AWS Foundational Security Best Practices With InsightCloudSec
Written by Ryan Blanchard and James Alaniz. When an organization is moving their IT infrastructure to the cloud or expanding with net-new investment, one of the hardest tasks for the security team is to identify and establish the proper security policies and controls to keep their cloud environmen...
Cloud Threat Detection: To Agent or Not to Agent?
The shift towards cloud and cloud-native application architectures represents an evolutionary step forward from older paradigms. The adoption of containers, Kubernetes, and serverless functions, along with the use of cloud-based infrastructure, introduces a new set of risks and security challenge...
Buyer's Guide for Securing Internal Environment with a Small Cybersecurity Team
Ensuring the cybersecurity of your internal environment when you have a small security team is challenging. If you want to maintain the highest security level with a small team, your strategy has to be 'do more with less,' and with the right technology, you can leverage your team and protect your...
Malicious Package in electron-native-notify
All versions of electron-native-notify contain malicious code. The package was part of a targeted attack to steal cryptocurrency wallet seeds and upload them to a remote server, effectively giving attackers access to users' wallets. Recommendation: Remove the package from your environment and follo...