82086 matches found
CVE-2026-41338
OpenClaw prior to 2026.3.31 contains a time‑of‑check/time‑of‑use (TOCTOU) vulnerability in sandbox file operations that lets attackers bypass fd‑based defenses. The issue arises from check‑then‑act patterns in apply_patch, remove, and mkdir, enabling manipulation of files between validation and e...
CVE-2026-41338 OpenClaw < 2026.3.31 - Time-of-Check-Time-of-Use (TOCTOU) Vulnerability in Sandbox File Operations
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...
CVE-2026-41338
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...
MAL-2026-3020 Malicious code in @bitwarden/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6fb2336936a86f37fc2018f8e68dc9989ffc3e79aa23297bf470de178201f50 The package @bitwarden/cli was found to contain malicious code. Source: ghsa-malware 8a8c7958926d5ec3795102e9114dfaa649ae3160afb9159ec2c46f044018b776...
MAL-2026-3019 Malicious code in hls.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96d28bd3e78b3ca60b3356380f0d7931659606c2b5def5865480d838ad21a0b3 The package hls.js was found to contain malicious code. Source: ghsa-malware 04b58b7f11fd42610f3056d4bc9aa84804d2ab9e657d7b84771cec1efe363ba9 Any...
Malicious code in json-spacer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49ca906e0f0d7b5884d939ad398cc8367cad887c10533eb833b6f043e5368bfd The package json-spacer was found to contain malicious code. Source: ghsa-malware 04db81abcbf28276b2cb30a860e8decbc485699a1db9ea9557e0595e5f86be82 An...
MAL-2026-3007 Malicious code in json-dec (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de1db9ce26e4c5f4788ebbf809fede48364dd0741a8f4d0aa5580fac4b199f59 The package json-dec was found to contain malicious code. Source: ghsa-malware ad7f787412af0259dfcb2bcbb7429600fcb3c8a92510c70699961455caddd9ad Any...
Malicious code in changelog-utils-structured-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c59b5bb27f7c03b12e70af2a6d86b388cad7c4fdd02e8ee381f947d291ce9acd The package changelog-utils-structured-logger was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3005 Malicious code in changelog-cli-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98a1e229322241da9d146f6aad5c96de566b2707088406fd7de40cbb69445023 The package changelog-cli-logger was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3006 Malicious code in changelog-utils-structured-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c59b5bb27f7c03b12e70af2a6d86b388cad7c4fdd02e8ee381f947d291ce9acd The package changelog-utils-structured-logger was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3004 Malicious code in @nklkas/hyperliquid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc648f0f62878455b1b388282a720ca552dad5cf17d8545393cb7f57fdbfdab The package @nklkas/hyperliquid was found to contain malicious code. Source: ghsa-malware...
Malicious code in undicy-http (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d4da47dd47cb80cf3a7a93cd81c2154b7cd905834b35f89f0703a5a8dab5d1e The package undicy-http was found to contain malicious code. Source: ghsa-malware daa1abf913048406268c31888f8b6defc0e69b49ba85dcbdb966fea8a3caf235 An...
MAL-2026-3010 Malicious code in separadordeinfocc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90aec77465d7938875e19e8508965f986ac0e81968433307546a40823fa805e6 The package separadordeinfocc was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3013 Malicious code in undicy-http (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d4da47dd47cb80cf3a7a93cd81c2154b7cd905834b35f89f0703a5a8dab5d1e The package undicy-http was found to contain malicious code. Source: ghsa-malware daa1abf913048406268c31888f8b6defc0e69b49ba85dcbdb966fea8a3caf235 An...
Malicious code in ts-bing (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40d37b07fc8e6787bc2d3d2663da2df22b01361703a1867df5ae0ab66b385e73 The package ts-bing was found to contain malicious code. Source: ghsa-malware 7c6fb627ade01c59834bbe660c130fe103e1bb111c7ed8a68b0b19ba3f826a19 Any...
Malicious code in vime-azl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86b8ee643a9ac9cb7529c19293e56a1ccefe33d616c0459e90c364f529a55d2 The package vime-azl was found to contain malicious code. Source: ghsa-malware d7731c972c51221a2f0a582c0f7d25c9054e45942accb77b36d8a170074c8ade Any...
MAL-2026-3011 Malicious code in ts-bing (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40d37b07fc8e6787bc2d3d2663da2df22b01361703a1867df5ae0ab66b385e73 The package ts-bing was found to contain malicious code. Source: ghsa-malware 7c6fb627ade01c59834bbe660c130fe103e1bb111c7ed8a68b0b19ba3f826a19 Any...
MAL-2026-3009 Malicious code in rollup-plugin-polyfill-route (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae32c5ba788989f856ede10fa991e6dafa8d9263b0f5fc7384c69fba97e41d4a The package rollup-plugin-polyfill-route was found to contain malicious code. Source: ghsa-malware...
Malicious code in @amsterdam-local/forms-component-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 291b91d9d855e239db33d7709fe9a88228eee0a166ce7312b5fb7f55f57dc488 The package @amsterdam-local/forms-component-library was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3003 Malicious code in @amsterdam-local/forms-component-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 291b91d9d855e239db33d7709fe9a88228eee0a166ce7312b5fb7f55f57dc488 The package @amsterdam-local/forms-component-library was found to contain malicious code. Source: ghsa-malware...