46 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-56787
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decodessr3 function at src/rtcm3.c:1446 that allows remote attackers to...
CVE-2026-56789
RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...
CVE-2026-56788
RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table,...
UBUNTU-CVE-2026-56787
RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decodessr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit thi...
EUVD-2026-39531
RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...
EUVD-2026-39529
RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decodessr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit thi...
CVE-2026-54555
rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an...
CVE-2026-55249
@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync template string without shell-safe escaping. JSON.stringif...
CVE-2026-54555 rtk: Permission-gate bypass in rtk rewrite auto-allow via unsplit shell separators
rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an...
CVE-2026-54555
CVE-2026-54555 affects rtK prior to 0.42.2. The issue lies in the permission splitter, which failed to conservatively split or reject shell constructs Bash treats as command boundaries or nested execution. Consequently, a command starting with an allowed prefix (e.g., git) could conceal a second,...
EUVD-2026-38573
rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an...
EUVD-2026-38571
@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync template string without shell-safe escaping. JSON.stringif...
CVE-2026-55249
The CVE-2026-55249 issue affects @rtk-ai/rtk-rewrite OpenClaw plugin (v1.0.0), where attacker-controlled input is injected into a shell-backed execSync() template string. JSON.stringify() wraps values in quotes but does not neutralize shell metacharacters, leaving $() and backticks untouched. Sin...
CVE-2020-37252 Realtek Audio Service 1.0.0.55 Unquoted Service Path Privilege Escalation
Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Attackers can place executable files in the unquoted service path directory to execute arbitrary code with...
Malicious code in typescript-rtk-query (npm)
The package 'typescript-rtk-query' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1537 Malicious code in typescript-rtk-query (npm)
The package 'typescript-rtk-query' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
CVE-2025-60419
An issue was discovered in the NDIS Usermode IO driver RtkIOAC60.sys, version 6.0.5600.16348 allowing local authenticated attackers to send a crafted IOCTL request to the driver to cause a denial of service...
CVE-2025-60419
CVE-2025-60419 affects Realtek’s NDIS Usermode IO driver RtkIOAC60.sys (v6.0.5600.16348). The issue allows a local authenticated attacker to send a crafted IOCTL to the driver to trigger a denial of service. Attack vector is LOCAL with LOW attack complexity and no privileges required, leading to ...
Malicious Package
Overview rtk-log is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview rtk-sleep is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...