Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

The Hacker News
The Hacker Newsadded 2026/06/12 7:33 p.m.29 views

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Attackers took over more than 400 packages in the Arch User Repository AUR this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF...

5.6AI score
Exploits0
NVD
NVDadded 2026/03/29 1:17 p.m.4 views

CVE-2026-32978

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified cod...

9.4CVSS0.00179EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/03/29 12:0 a.m.6 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.11 contained security vulnerabilities. These vulnerabilities were due to approval integrity issues. When precise file binding was not possible, attackers could modify scripts...

7.3CVSS6AI score0.00132EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/03/20 10:30 a.m.8 views

Malicious code in cloud-datasets (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7cbbef34e9c8a9e6db79ffb59dde86dafe9734166f201aae8a5d1837ac262fc0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/01/16 12:6 a.m.3 views

CVE-2025-64691

The vulnerability, if exploited, could allow an authenticated miscreant OS standard user to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server...

9.3CVSS5.5AI score0.00293EPSS
Exploits0References5
OSV
OSVadded 2025/11/11 4:25 a.m.2 views

MAL-2025-88752 Malicious code in nana-tongseng38-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 525405c5aa249f6e926df7db816452212fbb3867ef360bb0edc7b7a5acb75424 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
NVD
NVDadded 2025/09/22 5:16 p.m.2 views

CVE-2025-57431

The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and...

8.8CVSS0.00324EPSS
Exploits1References2
Rows per page
Query Builder