81885 matches found
Malicious code in wrapped-logger-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe112208d0bcdd21ccfe23bb9c5658a1be2eebaf37068032ea67bb9f93559a9c The package wrapped-logger-utils was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3027 Malicious code in wrapped-logger-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe112208d0bcdd21ccfe23bb9c5658a1be2eebaf37068032ea67bb9f93559a9c The package wrapped-logger-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in sagat-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b9e0a31b6bceddf90e920c8c6eb6313c822ca883c8daaa6905c5d8835fb8220 The package sagat-core was found to contain malicious code. Source: ghsa-malware cd038a03954f5c3c52c0f68ddfd36cbd9746f905131c22fa2089a72f8929be62 Any...
MAL-2026-3026 Malicious code in sagat-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b9e0a31b6bceddf90e920c8c6eb6313c822ca883c8daaa6905c5d8835fb8220 The package sagat-core was found to contain malicious code. Source: ghsa-malware cd038a03954f5c3c52c0f68ddfd36cbd9746f905131c22fa2089a72f8929be62 Any...
EUVD-2026-25322
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...
PT-2026-34842
The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxi remove custom image size' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with...
CVE-2026-41338
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...
CVE-2026-41338
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...
CVE-2026-41338
OpenClaw prior to 2026.3.31 contains a time‑of‑check/time‑of‑use (TOCTOU) vulnerability in sandbox file operations that lets attackers bypass fd‑based defenses. The issue arises from check‑then‑act patterns in apply_patch, remove, and mkdir, enabling manipulation of files between validation and e...
CVE-2026-41338 OpenClaw < 2026.3.31 - Time-of-Check-Time-of-Use (TOCTOU) Vulnerability in Sandbox File Operations
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...
MAL-2026-3020 Malicious code in @bitwarden/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6fb2336936a86f37fc2018f8e68dc9989ffc3e79aa23297bf470de178201f50 The package @bitwarden/cli was found to contain malicious code. Source: ghsa-malware 8a8c7958926d5ec3795102e9114dfaa649ae3160afb9159ec2c46f044018b776...
MAL-2026-3019 Malicious code in hls.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96d28bd3e78b3ca60b3356380f0d7931659606c2b5def5865480d838ad21a0b3 The package hls.js was found to contain malicious code. Source: ghsa-malware 04b58b7f11fd42610f3056d4bc9aa84804d2ab9e657d7b84771cec1efe363ba9 Any...
MAL-2026-3007 Malicious code in json-dec (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de1db9ce26e4c5f4788ebbf809fede48364dd0741a8f4d0aa5580fac4b199f59 The package json-dec was found to contain malicious code. Source: ghsa-malware ad7f787412af0259dfcb2bcbb7429600fcb3c8a92510c70699961455caddd9ad Any...
Malicious code in json-spacer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49ca906e0f0d7b5884d939ad398cc8367cad887c10533eb833b6f043e5368bfd The package json-spacer was found to contain malicious code. Source: ghsa-malware 04db81abcbf28276b2cb30a860e8decbc485699a1db9ea9557e0595e5f86be82 An...
MAL-2026-3004 Malicious code in @nklkas/hyperliquid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc648f0f62878455b1b388282a720ca552dad5cf17d8545393cb7f57fdbfdab The package @nklkas/hyperliquid was found to contain malicious code. Source: ghsa-malware...
Malicious code in changelog-utils-structured-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c59b5bb27f7c03b12e70af2a6d86b388cad7c4fdd02e8ee381f947d291ce9acd The package changelog-utils-structured-logger was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3005 Malicious code in changelog-cli-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98a1e229322241da9d146f6aad5c96de566b2707088406fd7de40cbb69445023 The package changelog-cli-logger was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3006 Malicious code in changelog-utils-structured-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c59b5bb27f7c03b12e70af2a6d86b388cad7c4fdd02e8ee381f947d291ce9acd The package changelog-utils-structured-logger was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3013 Malicious code in undicy-http (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d4da47dd47cb80cf3a7a93cd81c2154b7cd905834b35f89f0703a5a8dab5d1e The package undicy-http was found to contain malicious code. Source: ghsa-malware daa1abf913048406268c31888f8b6defc0e69b49ba85dcbdb966fea8a3caf235 An...
Malicious code in undicy-http (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d4da47dd47cb80cf3a7a93cd81c2154b7cd905834b35f89f0703a5a8dab5d1e The package undicy-http was found to contain malicious code. Source: ghsa-malware daa1abf913048406268c31888f8b6defc0e69b49ba85dcbdb966fea8a3caf235 An...