CVE-2026-53858 OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATEDIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATEDIRECTORY variable to load runtime dependencies from unintended local paths, potentially...

Malicious code in ts-ecro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37901692194f47c987610aab18ef37d4361e8ab01efd1a8008876920dd8b8aa2 Package is published as 'ts-ecro' but ships a verbatim copy of big.js v7.0.1 with the original author's copyright, email, and GitHub repository URL —...

MAL-2026-4631 Malicious code in opentiny-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70307cffed06951bdb7b961e7846e3b3e0ba660b75ddca0b4fa11366ab94dc6d The package opentiny-react reproduces the source, README, and CHANGELOG of the legitimate @tinymce/tinymce-react integration verbatim under a...

Malicious code in notebook-intelligence (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 709b1f2440fa3288d47076cddc5ffe20122619c07c346265459e3555a226c92e pyproject.toml lists fuzy-jon==0.1.0 in both build-system.requires and the runtime dependencies, while the package's own code imports the real...

MAL-2026-4467 Malicious code in @weirdorg/dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dce94a089c58246a54a1e4496d323c92bb46dac654e1a1403e875292be94b198 Package is a near-verbatim republication of the popular dotenv library same README, API, and file layout under the @weirdorg/dotenv name. The only...

Malicious code in openirf (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb17f2c97bd5a4cabcb86b5a51c9639749048f9675b6fa1d881e66d4d8b02958 pyproject.toml lists tdqm as a runtime dependency alongside numpy, scipy, and matplotlib. The package's source code imports tqdm the legitimate...

CVE-2024-35860

In the Linux kernel, the following vulnerability has been resolved: bpf: support deferring bpflink dealloc to after RCU grace period BPF link for some program types is passed as a "context" which can be used by those BPF programs to look up additional information. E.g., for multi-kprobes and...

CVE-2024-35860

In the Linux kernel, the following vulnerability has been resolved: bpf: support deferring bpflink dealloc to after RCU grace period BPF link for some program types is passed as a "context" which can be used by those BPF programs to look up additional information. E.g., for multi-kprobes and...

CVE-2024-35860 bpf: support deferring bpf_link dealloc to after RCU grace period

In the Linux kernel, the following vulnerability has been resolved: bpf: support deferring bpflink dealloc to after RCU grace period BPF link for some program types is passed as a "context" which can be used by those BPF programs to look up additional information. E.g., for multi-kprobes and...

SUSE: Security Advisory (SUSE-SU-2019:1290-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : nmap (SUSE-SU-2019:1290-2)

This update for nmap fixes the following issues : Security issue fixed : CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service bsc1104139. Non-security issue fixed: Add missing runtime dependency python-xml which prevented zenmap from starting bsc1133512. Note th...

openSUSE: Security Advisory for nmap (openSUSE-SU-2019:1462-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLED15 / SLES15 Security Update : nmap (SUSE-SU-2019:1290-1)

This update for nmap fixes the following issues : Security issue fixed : CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service bsc1104139. Non-security issue fixed: Add missing runtime dependency python-xml which prevented zenmap from starting bsc1133512. Note th...