CVE-2026-53842

OpenClaw prior to 2026.5.2 is affected by an environment variable injection in CLOUDSDK_PYTHON that can influence Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can set CLOUDSDK_PYTHON to point to unintended local Python paths, potentially enabling ...

Malicious code in jec (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cfd390b5ea0fe558bd7f5fd56dec8386148e58d7f8d4b6bba14f8a2aa8b6d323 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in quicktestybesty (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 459aa54bf8ac82101b14d4f85d01dde304aa638276b69a76254ff080ea52d5af During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

K000152019: Python Setup Tools vulnerability CVE-2024-6345

Security Advisory Description A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers,...

PT-2024-28742 · Robotmk · Robotmk

Name of the Vulnerable Software and Affected Versions: Robotmk versions prior to 2.0.1 Description: The issue allows a local user to escalate privileges, for example, to SYSTEM, if automated Python environment setup is enabled. This is due to the "shared holotree usage" feature, which allows any...

OSINT Gathering Tool: Inquisitor

OSINT Gathering Tool Inquisitor is a simple for gathering information on companies and organizations through the use of Open Source Intelligence OSINT sources. The key features of Inquisitor include: 1. The ability to cascade the ownership label of an asset e.g. if a Registrant Name is known to...