MAL-2026-2280 Malicious code in roboat-additions (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1af64a27f6bd87cbd380cb838d6c8c06696f9497c246fe348d5af1bbc17f6122 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in roboat-addition (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ece419769280a3d6ce017d5cc460eaf49742fde83ede008765b77f3e49ff67e6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2279 Malicious code in roboat-addition (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ece419769280a3d6ce017d5cc460eaf49742fde83ede008765b77f3e49ff67e6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2278 Malicious code in python-aiogram-telegram-updater (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 94b286136c318836563c0eaddf44e8d1b21f217086b444a3266d91b69ace79b8 When run, the package exfiltrates files from a cryptowallet and modifies its executable placing an implant exfiltrating passphrase later. --- Category: MALICIO...

MAL-2026-2255 Malicious code in thisismytest123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7640ee5ded7bcafbd9863565d68a7768bdc9bd2abca56a69d73576e7e9b2c0df During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category:...

Machine Learning Transferability for Malware Detection

Malware continues to be a predominant operational risk for organizations, especially when obfuscation techniques are used to evade detection. Despite the ongoing efforts in the development of Machine Learning ML detection approaches, there is still a lack of feature compatibility in public...

EUVD-2026-16326

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

CVE-2026-0964

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

CVE-2026-0964

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

CVE-2026-0964

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

OpenClaw's system.run allowlist can be bypassed through an unregistered time dispatch wrapper

Summary Allow-always exec approvals did not unwrap /usr/bin/time, so an unregistered time wrapper could bypass executable binding and reuse approval state for the inner command. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-...

GHSA-QM9X-V7CX-7RQ4 OpenClaw's system.run allowlist can be bypassed through an unregistered time dispatch wrapper

Summary Allow-always exec approvals did not unwrap /usr/bin/time, so an unregistered time wrapper could bypass executable binding and reuse approval state for the inner command. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-...

EUVD-2025-209051

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...

CVE-2025-68623

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...

CVE-2026-1995

IDrive’s idservice.exe process runs with elevated privileges and regularly reads from several files under the C:\ProgramData\IDrive\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the...

CVE-2026-31997

OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv0 tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PATH resolution after approval to execute a different binary than the operator approved, enabling...

CVE-2026-32989

Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations,...

CVE-2026-33717

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the original URL's filename and extension including .php. By providing...

EUVD-2025-209046

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...

CVE-2025-41359 Multiple vulnerabilities in Small HTTP server by Smallsrv

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...