Lucene search
K

7921 matches found

OSV
OSV
added 2026/04/18 6:7 p.m.6 views

MAL-2026-2859 Malicious code in rblx-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 be690c2f32ad941003f8733406643848380c3918af421fa56c8ec0802b9c261d During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score
Exploits0References9
Snyk
Snyk
added 2026/04/17 10:12 p.m.9 views

Unsafe Dependency Resolution

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the authentication setup. An attacker can cause untrusted workspace plugins to be auto-enabled by leveraging non-interactive onboarding that selects a...

8.8CVSS5.7AI score0.00381EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/17 9:58 p.m.12 views

OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows

Summary Channel setup catalog lookups could include untrusted workspace plugin shadows. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Channel setup could resolve a workspace plugin shadow before a bundled channel plugin, causing setup-ti...

8.8CVSS5.7AI score0.00386EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/17 9:58 p.m.3 views

GHSA-82QX-6VJ7-P8M2 OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows

Summary Channel setup catalog lookups could include untrusted workspace plugin shadows. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Channel setup could resolve a workspace plugin shadow before a bundled channel plugin, causing setup-ti...

8.8CVSS5.7AI score0.00386EPSS
Exploits0References5
OSV
OSV
added 2026/04/17 6:46 p.m.4 views

MAL-2026-2852 Malicious code in aet-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cf718588332bb7bfa01fcad3d6c7ece7d3a2e075b036201a74c38bcab78c17e9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/17 1:41 p.m.6 views

Malicious code in shan-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f30fc6910fe03c53a74048a95f90fcd38db1b5317f3a3401ceb1bb9ea24fc704 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/04/17 1:41 p.m.11 views

MAL-2026-2847 Malicious code in shan-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f30fc6910fe03c53a74048a95f90fcd38db1b5317f3a3401ceb1bb9ea24fc704 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/17 10:56 a.m.8 views

Malicious code in shan-lib-poc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f6c2f4a0560b1811eba11c9fd304f7441ab7e04f4e569e01bdfe06aba6722edb Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/17 7:49 a.m.7 views

Malicious code in keystackutilities (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4b76e011fdc2ff62186e932ab958f9daf671bcc8e727dcaed74441489b229468 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/04/17 7:49 a.m.5 views

MAL-2026-2833 Malicious code in keystackutilities (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4b76e011fdc2ff62186e932ab958f9daf671bcc8e727dcaed74441489b229468 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/17 7:49 a.m.9 views

Malicious code in loadcoremwassistant (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20499474b0d0eb5a02bdd34aba8dbd438993b87506fb7a9bd88a62a729736221 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/04/17 7:49 a.m.7 views

MAL-2026-2834 Malicious code in loadcoremwassistant (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20499474b0d0eb5a02bdd34aba8dbd438993b87506fb7a9bd88a62a729736221 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
Fedora
Fedora
added 2026/04/17 12:54 a.m.7 views

[SECURITY] Fedora 43 Update: nix-2.31.4-1.fc43

Nix is a purely functional package manager. It allows multiple versions of a package to be installed side-by-side, ensures that dependency specifications are complete, supports atomic upgrades and rollbacks, allows non-root users to install software, and has many other features. It is the basis o...

9CVSS5.8AI score0.00193EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.11 views

PT-2026-37026

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description A plugin trust bypass exists where channel setup catalog lookups may resolve workspace plugin shadows before bundled channel plugins. This allows attackers to craft malicious workspace plugins...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007630)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007630 advisory. In the Linux kernel, the following vulnerability has been resolved: nfs4setupreaddir: insufficient locking for -dparent-dinode dereferencing Theoretically it's an...

5.8AI score0.00177EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2026/04/17 12:0 a.m.115 views

OpenEXR -- several integer overflow vulnerabilities

Cary Phillips reports: OpenEXR 3.4.10 is a patch release that addresses the following security vulnerabilities: CVE-2026-39886 HTJ2K Signed Integer Overflow in htundoimpl CVE-2026-40244 Integer overflow in DWA setupChannelData planarUncRle pointer arithmetic missed variant of CVE-2026-34589...

8.8CVSS5.8AI score0.0045EPSS
Exploits2References1
Fedora
Fedora
added 2026/04/16 11:42 p.m.8 views

[SECURITY] Fedora 44 Update: plasma-setup-6.6.4-4.fc44

Initial setup for systems using KDE Plasma...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/16 11:41 p.m.7 views

[SECURITY] Fedora 44 Update: nix-2.34.5-1.fc44

Nix is a purely functional package manager. It allows multiple versions of a package to be installed side-by-side, ensures that dependency specifications are complete, supports atomic upgrades and rollbacks, allows non-root users to install software, and has many other features. It is the basis o...

9CVSS5.8AI score0.00193EPSS
Exploits0
OSV
OSV
added 2026/04/16 10:30 p.m.5 views

MAL-2026-2821 Malicious code in robase-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f69377c01d5c0980cb9bf905be35133e5cd077e7c64c577460dc06e3871c2d9e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/16 2:3 p.m.11 views

Malicious code in emergentintegrations (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fce023cdc4fa1509dbc8512d9b3728d4f5944941a522f63b94ef27b764ee4fbd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
Rows per page
Query Builder