6 matches found
CVE-2026-35533
mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted a...
PT-2026-31023
Name of the Vulnerable Software and Affected Versions: mise versions 2026.2.18 through 2026.4.5. Description: mise improperly loads trust-control settings from a local project .mise.toml file before performing trust checks. This allows an attacker who can place a malicious .mise.toml file in a...
PT-2026-33861
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.28. Description: An environment variable injection issue occurs because the software loads the .env file from the current working directory before the trusted state-dir configuration. This allows untrusted...
SUSE CVE-2026-22865
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in repository-prompts-rate-limiter-passport (npm)
Source: amazon-inspector 9cf377bb81f4927325b2351ce7a12400024c12876e52b462e3cd4f8643761011. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...