CVE-2026-8336

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

Siemens APE1808 Improper Restriction of Communication Channel to Intended Endpoints (CVE-2025-22251)

An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...

CVE-2026-23664

Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...

Execution Is the New Attack Surface: Survivability-Aware Agentic Crypto Trading with OpenClaw-Style Local Executors

OpenClaw-style agent stacks turn language into privileged execution: LLM intents flow through tool interception, policy gates, and a local executor. In parallel, skill marketplaces such as skills.sh make capability acquisition as easy as installing skills and CLIs, creating a growing capability...

CVE-2026-27445

SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing...

SEPPmail Secure Email Gateway 安全漏洞

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.1 contained security vulnerabilities. These vulnerabilities stemmed from improper verification of whether the PGP signature was...

ABC PRO EAP Legislator 路径遍历漏洞

ABC PRO EAP Legislator is a software developed by the Polish company ABC PRO, used for managing legislative processes and editing legal documents. ABC PRO EAP Legislator has a path traversal vulnerability; this vulnerability arises from the file extraction function’s ability to traverse paths,...

Malicious Package

Overview dotenv-intended is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-174 Malicious code in dotenv-intended (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 321eaa257985bd47bbf31b2f7ccdaef2df5b424b7b257400a48140ef6029e670 The package dotenv-intended was found to contain malicious code. Source: ghsa-malware df2195d5589f3e44d82053db7cd9ae186dfd168b35c9db8f97baa29f0c63612...

EUVD-2026-1833

Malicious code in dotenv-intended npm...

CVE-2025-59372

A path traversal vulnerability has been identified in certain router models. A remote, authenticated attacker could exploit this vulnerability to write files outside the intended directory, potentially affecting device integrity. Refer to the 'Security Update for ASUS Router Firmware' section on...

Improper Restriction of Communication Channel to Intended Endpoints

Overview Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints in the custom netstack implementation. An attacker can access internal services or execute unauthorized actions by recovering a Wireguard private key from a process dum...

CVE-2025-54755

A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated attacker to access files which are not limited to the intended files. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

EUVD-2005-2890

Malware in sbrugna...

EUVD-2008-6732

Malware in sbrugna...

EUVD-2019-7096

Malware in sbrugna...

EUVD-2023-42075

Malicious code in bioql PyPI...

EUVD-2022-6869

Malicious code in bioql PyPI...

CVE-2025-49734

Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally...

PT-2025-36818

Name of the Vulnerable Software and Affected Versions: Windows PowerShell affected versions not specified Description: An improper restriction of communication channel to intended endpoints in Windows PowerShell allows a local attacker to elevate privileges. This issue allows attackers to affect...