CVE-2026-53843

OpenClaw prior to 2026.5.26 contains an authorization bypass where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval, weakening revocation controls and al...

CVE-2026-26016

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance,...

CVE-2026-26016 Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance,...

Wings 安全漏洞

Wings is the server control interface for Pterodactyl Panel. Versions of Wings prior to 1.12.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks in multiple controllers, which could allow node token holders to access information about any serv...

PT-2026-20331

Name of the Vulnerable Software and Affected Versions Pterodactyl Panel versions prior to 1.12.1 Description A missing authorization check allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a...

EUVD-2018-4046

Malware in sbrugna...

EUVD-2018-4062

Malware in sbrugna...

Malicious code in node-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98c05fd352e2473c2e02bab12ddbc07d7a6a38a346c7962640b31ad91fdb1488 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4891 Malicious code in node-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98c05fd352e2473c2e02bab12ddbc07d7a6a38a346c7962640b31ad91fdb1488 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Logic Flaw Vulnerability in Internet Node Token

Internet Node Token TNT is an ethereum-based virtual currency.A security vulnerability exists in the 'mintToken' function in INT's smart contract implementation. An attacker could exploit the vulnerability to increase the balance of a digital asset at any address...

Logic Flaw Vulnerability in Internet Node Token

Internet Node Token TNT is an ethereum-based virtual currency. A security vulnerability exists in the 'sell' function in INT's smart contract implementation, which stems from the ability of an attacker to specify a selling price. The vulnerability can be exploited by an attacker to cause a...

Buffer overflow

The sell function of a smart contract implementation for Internet Node Token INT, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable...

CVE-2018-12080

The CVE describes a vulnerability in the Internet Node Token (INT) ERC20 contract where the mintToken function has no period constraint. This allows the owner to arbitrarily increase total supply, enabling potential profit manipulation. Documents confirm the affected component is the mintToken fu...

CVE-2018-12063

The sell function of a smart contract implementation for Internet Node Token INT, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable...

CVE-2018-12080

The mintToken function of a smart contract implementation for Internet Node Token INT, a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue...