CVE-2026-41343

OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade...

PT-2026-30324

Name of the Vulnerable Software and Affected Versions libp2p-rendezvous versions prior to 0.56.1 Description The libp2p-rendezvous server is susceptible to an Out-of-Memory OOM Denial of Service DoS condition. The server does not limit the number of namespaces a single peer can register. A...

CVE-2026-20080

A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software could allow an unauthenticated, remote attacker to cause the SSH service to stop responding. This vulnerability exists because the SSH service lacks effective flood protection. An attacker could exploit th...

CVE-2026-20080 Cisco IEC6400 Edge Compute Appliance SSH Denial of Service Vulnerability

A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software could allow an unauthenticated, remote attacker to cause the SSH service to stop responding. This vulnerability exists because the SSH service lacks effective flood protection. An attacker could exploit th...

CVE-2026-21696 Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000856)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000856 advisory. The tcprcvstateprocess function in net/ipv4/tcpinput.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service kernel resource...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000649)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000649 advisory. The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update RCU grace period for redirecting lookups in t...

CVE-2026-22541

The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly...

CVE-1999-0116

Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood...

PT-2025-54233

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x Description The software contains a network issue that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php,...

Malicious code in cressida-jwt-loglevel-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c579391a28b717cc3bab01d83cefe0a9573ccb0c4b8dee4c27e98fcb9b1adac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187703 Malicious code in koa-version-scorpius-ceres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75dacef98ce0fa1a5b9c797aef9cabfffb1071bd052305809bade9065f2f7e2f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in poglymer-ogih-gagffiggaa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0e9cd7e1b2e5a3e30e4b65a361af990075794ced9cb31395854f8b94270a635 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gabrielsilva (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eeff4311346c16b41c23d7865a281a0e765123b416e9f485db2bccac38e6987c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in devkishore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53ed60eeb0358df5449862846dc76a204d32e0de71ec3524f9199883d4978047 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sabubaali-nalii-iyap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 715d0fb62eee38010d99dac90229fa10be9530dd9d56b647f9b29f0c286d9aa1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-169805 Malicious code in uinsu-lis-dingkos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81c3214d8988546b0f4bf8c4e64596443f8bfaf43087a1aa0a9f75e8a67312d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-154238 Malicious code in dajouka-tsfdaa-t7a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d825781b5f2ea702a3883034cb1c5c37441a5d30af2afdab26205f485f54f463 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ucok-poke75 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa936ddaae238d30802aadb009148065a41bc7dc9d67220da976c6ab7f7a0e2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147715 Malicious code in scorpius-scripts-flare-gatsby (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89eaec14f2f27132288be226ebb081c4188c0c06b56eb85760ea8dc44db967b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...