35 matches found
CVE-2026-53810
OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points...
Exploiting LLM Agent Supply Chains Via Payload-Less Skills
Autonomous agents powered by Large Language Models (LLMs) acquire external functionalities through third-party skills available in open marketplaces. Adopting these integrations broadens the potential attack surface, prompting a need for systematic security evaluation. Current auditing mechanisms a...
CVE-2026-3307 Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...
EUVD-2005-3398
Malware in sbrugna...
EUVD-2005-3372
Malware in sbrugna...
EUVD-2005-3376
Malware in sbrugna...
EUVD-2005-3377
Malware in sbrugna...
EUVD-2005-0219
Malware in sbrugna...
EUVD-2007-3114
Malware in sbrugna...
CVE-2025-1889 picklescan - Security scanning bypass via non-standard file extensions
picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not...
ClamAV: Multiple vulnerabilities
Background: Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description: Multiple vulnerabilities have been reported: Damian Put reported a heap-based buffer overflow when processing PeSpin packed PE binaries (CVE-2008-0314). Alin Rad Po...
CVE-2004-2703
Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted"...
Authentication flaw
The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files...
CVE-2007-3804
The CVE-2007-3804 vulnerability affects Clavister CorePlus before versions 8.81.00 and 8.80.03, where the HTTP-ALG Antivirus engine may bypass scanning for small files. This remote issue (attack vector: network; no authentication required) can impact data integrity with a partial impact, accordin...
DEBIAN-CVE-2007-3122
The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR...
CVE-2007-3122
CVE-2007-3122 affects ClamAV’s RAR decompression path. The vulnerability (root cause: insufficient validity checks in the RAR header/decompression logic) lets remote attackers bypass scanning for RAR archives. Affected product/version details in public advisories: ClamAV before 0.90.3 and 0.91 be...
CVE-2005-3401
Multiple interpretation error in TheHacker 5.8.4.128 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a...
CVE-2005-3401
CVE-2005-3401 describes a vulnerability in TheHacker 5.8.4.128 where a multiple interpretation error permits a remote bypass of virus scanning by crafted files (e.g., BAT, HTML, EML) that carry an explicit MZ (EXE) byte sequence. The content can be treated as a safe type while still being executa...
CVE-2005-3371
Multiple interpretation error in AVG 7 7.0.323 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a...
CVE-2005-3374
Multiple interpretation error in F-Prot 3.16c allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangero...