
12 matches found

OSV
added 2026/05/21 8:54 a.m., 3 views

MAL-2026-4393 Malicious code in @hanssoft/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 063fa3a06df50a8c53c5eb05ac4d1214e6fa1edfb18d03c8484fa2014190659a Package name impersonates the well-known libsignal-node Signal Protocol library and ships a verbatim copy of its README, but the code is unrelated. O...

5.9 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2026/05/20 1:18 a.m., 4 views

Malicious code in @shinzepelly/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957954ced5e6fb2e8ab6a666adf496ca2edc7575a4e202b593d6698b5d89809f Package impersonates the legitimate libsignal-node library description copied verbatim: "Open Whisper Systems' libsignal for Node.js" under an...

5.8 AI score
Exploits 0, References 1

NVD
added 2026/03/19 10:16 p.m., 2 views

CVE-2026-32001

OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...

5.4 CVSS, 0.00069 EPSS
Exploits 0, References 3

Cvelist
added 2026/03/19 10:6 p.m., 19 views

CVE-2026-32001 OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication

OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...

5.4 CVSS, 0.00069 EPSS
Exploits 0, References 3

Vulnrichment
added 2026/03/04 4:13 p.m., 1 views

CVE-2026-23812 Security Boundary Bypass via Routing Node Impersonation

A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or...

4.3 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits 0, References 1

Cvelist
added 2026/03/04 4:13 p.m., 27 views

CVE-2026-23812 Security Boundary Bypass via Routing Node Impersonation

A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or...

4.3 CVSS, 0.00023 EPSS
Exploits 0, References 1

CVE
added 2026/03/04 4:13 p.m., 4 views

CVE-2026-23812

Technical details (vulnerable products, affected versions, or exploit specifics) are not publicly available in the provided documents. Monitor for updates from NVD/Red Hat/ENISA and vendor advisories.

4.3 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2025/10/23 5:34 p.m., 1 views

CVE-2025-62820

A flaw was found in Slack Nebula. An improper CIDR construction in the hostmap logic makes the inbound firewall overly permissive for nodes with certificates allowing subnets or multiple IPs. An attacker controlling such a node can send packets with arbitrary source IP addresses within the networ...

4.9 CVSS, 6.7 AI score, 0.00045 EPSS
Exploits 0, References 2

OSV
added 2025/08/13 8:53 a.m., 3 views

SUSE-SU-2025:02783-1 Security update for icinga2

This update for icinga2 fixes the following issues: - CVE-2025-48057: A certificate incorrectly treated as valid can allow an attacker to impersonate a trusted node bsc1243747...

9.8 CVSS, 7.1 AI score, 0.00205 EPSS
Exploits 0, References 3

SUSE Linux
added 2025/08/13 8:53 a.m., 3 views

Security update for icinga2

This update for icinga2 fixes the following issues: CVE-2025-48057: A certificate incorrectly treated as valid can allow an attacker to impersonate a trusted node bsc1243747. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

8.8 CVSS, 6.8 AI score, 0.00205 EPSS
Exploits 0, References 4

OSV
added 2025/06/24 8:12 p.m., 1 views

CVE-2025-52883 Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted

Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in the same chat that the victim normally...

5.3 CVSS, 6.8 AI score, 0.00273 EPSS
Exploits 0, References 4

SUSE CVE
added 2025/05/29 2:8 a.m., 1 views

SUSE CVE-2025-48057

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate function can be tricked into incorrectly treating certificates as vali...

8.8 CVSS, 6.8 AI score, 0.00205 EPSS
Exploits 0, References 5