EUVD-2026-25344

OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution of modified script...

CVE-2026-41360

OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution of modified script...

PT-2026-34791

OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution of modified script...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through the approval process for local scripts in pnpm dlx. An attacker can execute unauthorized or modified scripts by replacing an approved local script after...

CVE-2026-30332

A Time-of-Check to Time-of-Use TOCTOU race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process...

EUVD-2026-18350

A Time-of-Check to Time-of-Use TOCTOU race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process...

CVE-2026-30332

A Time-of-Check to Time-of-Use TOCTOU race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process...

CVE-2026-30332

A Time-of-Check to Time-of-Use TOCTOU race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process...

Etcher 安全漏洞

Etcher is an operating system image burning tool developed by balena. Versions of Etcher prior to 2.1.4 contained security vulnerabilities. These vulnerabilities were caused by race conditions, allowing attackers to replace legitimate scripts with malicious payloads during the burning process,...

PT-2026-29795

A Time-of-Check to Time-of-Use TOCTOU race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process...

CVE-2026-30332

A Time-of-Check to Time-of-Use TOCTOU race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process...

CVE-2025-34323

Nagios Log Server is vulnerable in versions prior to 2026R1.0.1 due to an unsafe interaction between passwordless sudo rules and group-writable script directories. The www-data user is in the nagios group, which has write access to /usr/local/nagioslogserver/scripts, while scripts in that directo...

EUVD-2022-28988

Malicious code in bioql PyPI...

EUVD-2022-34121

Malicious code in bioql PyPI...

CVE-2025-34187

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

[SECURITY] Fedora 40 Update: php-8.3.19-1.fc40

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

SUSE CVE-2022-29800

A time-of-check-time-of-use TOCTOU race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes...

DEBIAN-CVE-2022-29800

A time-of-check-time-of-use TOCTOU race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes...

CVE-2022-29800

A time-of-check-time-of-use TOCTOU race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes...

CVE-2022-29800

A time-of-check-time-of-use TOCTOU race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes...