Malicious code in chai-as-repaired (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 949b90bd3c157955d029f9ea08bc32aea893e452c4ded78df98b80c1b831be76 Package name 'chai-as-repaired' is a 1-edit typosquat of the popular 'chai-as-promised' chai plugin 1M weekly downloads. The published code is...

PT-2026-23525

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.2 Description An authentication bypass exists in the optional voice-call extension when inbound allowlist policy validation is used. The system accepts empty caller IDs and uses suffix-based matching instead o...

CVE-2022-30746

Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API...

CVE-2022-30746

Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API...

PT-2022-20285 · Unknown · Smartthings

Name of the Vulnerable Software and Affected Versions: Smart Things versions prior to 1.7.85.12 Description: The issue is related to a missing caller check in Smart Things, allowing an attacker to access sensitive information remotely using the javascript interface API. Recommendations: For...