15 matches found

CVE
added 2026/04/28 6:9 p.m. | 8 views

CVE-2026-41377

OpenClaw OpenClaw before 2026.3.31 has a fail-open vulnerability in the plugin installation flow: security scan failures do not block installation, allowing the possibility to install untrusted plugins when operators proceed after visible scan warnings. Affected product: openclaw (npm). Vulnerabl...

CVSS 5.1 | AI score 5.2 | EPSS 0.00038
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2026/04/11 5:7 p.m. | 3 views

MAL-2026-2559 Malicious code in databasesupalake (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 78dbe2b5e300604ea36dc85a6b0e9eae4e92b7b3729de10b3951f5e3bfc7729b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score 6
Exploits: 0 | References: 9
Github Security Blog
added 2026/03/27 5:38 p.m. | 8 views

Moby has an Off-by-one error in its plugin privilege validation

Summary A security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user...

CVSS 8.1 | AI score 5.7 | EPSS 0.00019
Exploits: 0 | References: 6 | Affected Software: 3
ATTACKERKB
added 2026/02/11 8:43 p.m. | 2 views

CVE-2026-25924

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application correctly hides the plugin installation interface...

CVSS 8.4 | AI score 6.3 | EPSS 0.00095
Exploits: 1 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/05/09 9:44 a.m. | 8 views

CVE-2025-20974

Improper handling of insufficient permission in PackageInstallerCN prior to version 15.0.11.0 allows local attacker to bypass user interaction for requested installation...

CVSS 6.1 | AI score 6.7 | EPSS 0.00065
Exploits: 0 | References: 1
Cvelist
added 2025/05/07 8:24 a.m. | 12 views

CVE-2025-20974

Improper handling of insufficient permission in PackageInstallerCN prior to version 15.0.11.0 allows local attacker to bypass user interaction for requested installation...

CVSS 6.1 | EPSS 0.00065
Exploits: 0 | References: 1
Vulnrichment
added 2025/05/07 8:24 a.m. | 3 views

CVE-2025-20974

Improper handling of insufficient permission in PackageInstallerCN prior to version 15.0.11.0 allows local attacker to bypass user interaction for requested installation...

CVSS 6.1 | AI score 6.2 | EPSS 0.00065
Exploits: 0 | References: 1
OSV
added 2024/07/26 4:53 p.m. | 3 views

MAL-2024-12340 Malicious code in route-search (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2c63ae8357166fc3afca468347faccce408b6ad59df7d33f958dc0b4f593b598 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.2
Exploits: 0 | References: 1
Vulnrichment
added 2023/04/27 12:0 a.m. | 5 views

CVE-2023-26244

An issue was discovered in the Hyundai Gen5WL in-vehicle infotainment system AEEPEEUR.S5WL001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml...

AI score 7.6 | EPSS 0.00086
Exploits: 1 | References: 3
OSV
added 2020/11/12 6:15 p.m. | 0 views

CVE-2020-7472

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. This...

CVSS 9.8 | AI score 7.8
Exploits: 0 | References: 2
OSV
added 2020/04/07 1:15 p.m. | 1 views

CVE-2016-11044

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software. The check of an application's signature can be bypassed during installation. The Samsung ID is SVE-2016-5923 (June 2016)...

CVSS 7.8 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 1
RedhatCVE
added 2020/04/01 7:59 p.m. | 41 views

CVE-2018-5168

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...

CVSS 6.1 | AI score 1.5 | EPSS 0.01032
Exploits: 0 | References: 2
OSV
added 2019/05/21 9:5 p.m. | 0 views

USN-3991-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user into launching local executable binaries, obtain sensitive...

CVSS 9.8 | AI score 6.8 | EPSS 0.11045
Exploits: 6 | References: 18
Mozilla
added 2018/05/18 12:0 a.m. | 562 views

Security vulnerabilities fixed in Thunderbird 52.8 — Mozilla

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. Using remote content in encrypted messages can lead to the disclosure of plaintext. A use-after-free vulnerabilit...

CVSS 9.8 | AI score 0.9 | EPSS 0.37556
Exploits: 3 | References: 13 | Affected Software: 1
RedHat Linux
added 2015/08/27 9:18 p.m. | 1 views

Mozilla: Add-on notification bypass through data URLs (MFSA 2015-95)

A flaw was found in the way Firefox handled installation of add-ons. An attacker could use this flaw to bypass the add-on installation prompt, and trick the user into installing an add-on from a malicious source...

CVSS 7.5 | AI score 7.3 | EPSS 0.00576
Exploits: 0 | References: 5