Malicious code in d4rktg (PyPI)
Source: amazon-inspector 3348d9f4bb35442b1de902c35ca46292f9336a8f83ac8deb7e870b2cd6af9019 The library's sole authorization primitive, CustomFilters.authorize in d4rk/Utils/filters.py, OR's the installer-supplied ownerid and sudousers list...
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.21 contained security vulnerabilities. These vulnerabilities were caused by an authorization bypass in the command-auth.ts file, which allowed unauthorized senders to bypass the...
OpenClaw Authorization Problem Vulnerability (CNVD-2026-16622)
OpenClaw is a command line tool for rights management. An improper access control vulnerability exists in OpenClaw versions prior to 2026.3.12, which stems from a lack of owner-level permission checking in the /config and /debug command handlers. An attacker can use this vulnerability to read or...
GHSA-R7VR-GR74-94P8 OpenClaw: Command-authorized non-owners could reach owner-only `/config` and `/debug` surfaces
Summary: OpenClaw documented /config and /debug as owner-only commands, but the command handlers checked only whether the sender was command-authorized. A lower-trust sender who was intentionally allowed to run commands could still reach privileged configuration and debugging surfaces. Impact: This...
PT-2023-21243 · Apache · Apache Linkis
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions =1.3.1 Description: The PublicService module in Apache Linkis uploads files without restrictions on the path to the uploaded files and file types. Recommendations: For versions =1.3.1, upgrade to version 1.3.2. For...
PYSEC-2016-37
Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by "."...