CVE-2026-41636

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVE-2026-41636

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVE-2026-41636

CVE-2026-41636 describes an Uncontrolled Recursion vulnerability in the Apache Thrift Node.js bindings. Affected software is Apache Thrift versions prior to 0.23.0. The issue is mitigated by upgrading to Thrift 0.23.0, which fixes the problem. The available documents do not specify exact affected...

CVE-2026-41636

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from a security bypass issue in node.invokebrowser.proxy, which allowed modification of persistent browser...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization; the node.pair.approve method accepted the operator.write scope instead of the...

PT-2026-35763

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description A privilege escalation issue allows paired nodes with role=node to dispatch node.event agent requests, granting unrestricted tool access on the gateway side. Attackers possessing trusted paired...

PT-2026-35812

A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The...

PT-2026-35704

Name of the Vulnerable Software and Affected Versions Apache Thrift versions prior to 0.23.0 Description Uncontrolled Recursion occurs in the Node.js bindings of Apache Thrift. Uncontrolled recursion is a condition where a function calls itself without a proper termination condition, potentially...

PT-2026-35804

OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairi...

Malicious code in apple-app-store-server-library-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f6b57befbd248b884d81978566bd3d4a57ef499f1eb8f8f66c00dc02e76588c The package apple-app-store-server-library-poc was found to contain malicious code. Source: ghsa-malware...

Exploit for Improper Access Control in Nodejs Node.Js

CVE-2026-21636 - Node.js Permission Model UDS/Network Bypass...

Malicious code in @w3m-frame/session_update (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a327a8e78038064af56af7f6b1aa21b98a0cee0ed571f5fa53d6187a2b8f9cd1 The package @w3m-frame/sessionupdate was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3122 Malicious code in @w3m-frame/session_update (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a327a8e78038064af56af7f6b1aa21b98a0cee0ed571f5fa53d6187a2b8f9cd1 The package @w3m-frame/sessionupdate was found to contain malicious code. Source: ghsa-malware...

Malicious code in @pyme-web/ui-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6780882125fbf59796027cea605339595d23058e19a6a2a257637f225adb51e8 The package @pyme-web/ui-base was found to contain malicious code. Source: ghsa-malware...

reflected-xss-demo

Reflected XSS Demo Small intentionally vulnerable loca...

MAL-2026-3108 Malicious code in @activation_code/success (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d00bacff8cfa3ae8a22cfb51c4be0ad025ce42bc29929c07a7eaad6be36c702c The package @activationcode/success was found to contain malicious code. Source: ghsa-malware...

Malicious code in @apple-pay-trust/cancelled (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0c6d2bdfddde00dc6bb5663ffb7fd381c2e392a8c65d6a8890b400c219c160d The package @apple-pay-trust/cancelled was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3117 Malicious code in @business_promocode/cancel_promocode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 002798d60b98859a68bc9daf0ebaf7794b8d83973b69fb4c8bfe9979f685e51d The package @businesspromocode/cancelpromocode was found to contain malicious code. Source: ghsa-malware...

Malicious code in @business_promocode/cancel_promocode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 002798d60b98859a68bc9daf0ebaf7794b8d83973b69fb4c8bfe9979f685e51d The package @businesspromocode/cancelpromocode was found to contain malicious code. Source: ghsa-malware...