MAL-2026-1322 Malicious code in rtxnode-sass22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36a78ba8212bc3ab76a0cd01b40b2a3c0b18f319ccb29c6ccea455e9a89449a8 The package rtxnode-sass22 was found to contain malicious code. Source: ghsa-malware f55edfe6ea35e734acb3592f0b13348ef997c46497c2975855d609ee45912671...

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

Google Pixel 安全漏洞

The Google Pixel is a smartphone produced by Google Inc. The Google Pixel has a security vulnerability. This vulnerability stems from the lack of boundary checks in the DeviceId function within DeviceId.java, which results in persistent data synchronization issues. This may lead to an increase in...

Game-Theoretic Modeling of Stealthy Intrusion Defense against MDP-Based Attackers

The rapid expansion of Internet use has increased system exposure to cyber threats, with advanced persistent threats APTs being especially challenging due to their stealth, prolonged duration, and multi-stage attacks targeting high-value assets. In this study, we model APT evolution as a strategi...

ProvAgent: Threat Detection Based on Identity-Behavior Binding and Multi-Agent Collaborative Attack Investigation

Advanced Persistent Threats APTs pose critical challenges to modern cybersecurity due to their multi-stage and stealthy nature. While provenance-based detection approaches show promise in capturing causal attack semantics, current threat provenance practices face two paradoxical issues: 1 expert...

GHSA-HFPR-JHPQ-X4RM OpenClaw: `operator.write` chat.send could reach admin-only config writes

Summary A gateway client authenticated with operator.write could route /config set or /config unset through chat.send and reach persistent config mutation even though direct config RPC methods are admin-scoped. Affected Packages / Versions - Package: openclaw npm - Latest published vulnerable...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the chat.send process. An attacker can perform unauthorized persistent configuration changes by routing /config set or /config unset commands through an...

OpenClaw: `operator.write` chat.send could reach admin-only config writes

Summary A gateway client authenticated with operator.write could route /config set or /config unset through chat.send and reach persistent config mutation even though direct config RPC methods are admin-scoped. Affected Packages / Versions - Package: openclaw npm - Latest published vulnerable...

Advantech ADAM-5630 Use of Persistent Cookies Containing Sensitive Information (CVE-2024-39275)

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user. This plugin...

CVE-2026-2330

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could...

CVE-2026-29063

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

BIT-MOODLE-2021-47857 Moodle 3.10.3 - 'label' Persistent Cross Site Scripting

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the...

CVE-2026-28497

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...

LangGraph checkpoint loading has unsafe msgpack deserialization

LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store for example, after a database compromise or other privileged write access to the persistence layer, they can...

Malicious code in @imhuman/fw-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f21f635d2d8fbbcc0d1422e1b08e8b71b8efd04e68216dc4eb8ffaec0208f967 The package @imhuman/fw-logger was found to contain malicious code. Source: ghsa-malware...

CVE-2026-3241

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

CVE-2025-48644

In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

SPARTAN

SPARTAN v2.0 — Autonomous Security Audit & Exploit Agent...

MAL-2026-1193 Malicious code in cloud-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d014766db57fb4d6cceffc9e45821e7c14135a358abdc4db25a0310538266699 The package cloud-apis was found to contain malicious code. Source: ghsa-malware 34de661e0892c5941755ca8d9db5fbcd64da940f5b21755f4b20862a758fe769 Any...

Malicious code in xpack-per-device (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f3e144fc188f6f28820784883e158f5841d1276a3eb100db4c469e45439f415 The package xpack-per-device was found to contain malicious code. Source: ghsa-malware 40c08125e60c3d43432e40679e35d49bb3fc0b9d4a3df799c45b80999f1753...