CVE-2026-41377

OpenClaw OpenClaw before 2026.3.31 has a fail-open vulnerability in the plugin installation flow: security scan failures do not block installation, allowing the possibility to install untrusted plugins when operators proceed after visible scan warnings. Affected product: openclaw (npm). Vulnerabl...

CVE-2026-41377 OpenClaw < 2026.3.31 - Fail-Open Security Scan Bypass in Plugin Installation

OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings...

EUVD-2026-10547

Parse Server has denylist requestKeywordDenylist keyword scan bypass through nested object placement...

modelscan-bypass-poc

⚠️ ModelScan Bypass PoC — Security Research WARNING: This...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004315)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004315 advisory. A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass...

GHSA-HGRH-QX5J-JFWX Picklescan Bypasses Unsafe Globals Check using pty.spawn

Summary The vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from the absence of the pty library more specifically, of the pty.spawn function from PickleScan's list of unsafe globals. This vulnerabili...

CVE-2025-42883 Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench)

Migration Workbench DX Workbench in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files to the application server. An attacker could leverage this and upload a malicious file into the system. This results in a low...

GHSA-4VR7-G93G-CF6M Duplicate Advisory: Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references. Original Description An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314...

PYSEC-2025-152

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check CRC, which causes the...

picklescan 安全漏洞

picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in picklescan that stems from improper handling of exception conditions by the ZIP archive scanning component, which could lead to bypassing a security scan and executing malicio...

GHSA-MJQP-26HC-GRXG Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check

Summary Picklescan's ability to scan ZIP archives for malicious pickle files is compromised when the archive contains a file with a bad Cyclic Redundancy Check CRC. Instead of attempting to scan the files within the archive, whatever the CRC is, Picklescan fails in error and returns no results...

Symantec Norton AntiVirus 2002 Nested File Manual Scan Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10164/info A vulnerability has been reported in Symantec Norton AntiVirus 2002 that may potentially cause deeply nested files with specific names to bypass manual scanning. This could permit malicious executable content t...

Multiple Vendor Malformed ZIP Archive Anti-virus Detection Bypass

Anti-virus products provide protection against dangerous content such as viruses, trojans, worms and other destructive programs. A non-privileged code execution vulnerability has been reported in the way multiple anti-virus products scan ZIP archive files. The vulnerability is due to ANSI escape...

Symantec Endpoint Protection 11.x Scan Bypass Vulnerability

Symantec Endpoint Protection is prone to a scan bypass vulnerability. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Symantec Event Manipulation Potential Scan Bypass

SUMMARY On-demand scanning with Symantec AntiVirus can be bypassed by denying read access to user files. AFFECTED PRODUCTS Product | Version | Solutions ---|---|--- Symantec AntiVirus | 10.0.x | Upgrade to MR9 10.1.x Symantec AntiVirus | 10.2.x | Not Vulnerable Symantec Client Security | 3.0.x |...

F-Secure多个杀毒产品LHA及RAR文档绕过安全扫描漏洞

F-Secure Internet Gatekeeper和F-Secure Anti-Virus都是芬兰的一家杀毒软件厂商所发布的杀毒产品。 F-Secure的这些防病病毒工具处理畸形LHA和RAR文档时存在漏洞，远程攻击者可能利用此漏洞绕过扫描检测。 如果LHA和RAR文件设置了畸形的文档文件头的话，这些文件就可能绕过F-Secure产品的杀毒扫描，导致在用户系统上执行非授权操作。 F-Secure Anti-Virus for Workstations 7.00 F-Secure Anti-Virus for Windows Servers 7.00 F-Secure...

Netragard Security Advisory 2007-02-20

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Netragard, L.L.C Advisory Strategic Reconnaissance Team ------------------------------------------------ http://www.netragard.com -- "We make I.T. Safe." POSTING NOTICE - ----------------------------------------------------------------------- If you...

ClamAV < 0.88.7 MIME-encoded Scan Bypass (deprecated)

Binary data 3842.prm...

Kaspersky Antivirus Client MIME-encoded Scan Bypass

Binary data 3841.prm...

Symantec Norton AntiVirus 2002 - Nested File Manual Scan Bypass

Symantec Norton AntiVirus 2002 - Nested File Manual Scan Bypass source: https://www.securityfocus.com/bid/10164/info A vulnerability has been reported in Symantec Norton AntiVirus 2002 that may potentially cause deeply nested files with specific names to bypass manual scanning. This could permit...