120 matches found
EUVD-2026-31278
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism. Please note: an attacker must first obtain the abilit...
CVE-2026-34930
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the ability to execute...
CVE-2026-34928
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain the ability to...
GHSA-5F7H-P83X-5VC2 Duplicate Advisory: OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xhq5-45pm-2gjr. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room...
CVE-2026-35624
OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms...
Incorrect Authorization
Overview openclaw is a š¦ OpenClaw ā Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the room authorization process. An attacker can gain unauthorized access to rooms with similar names by exploiting the matching logic that relies on collidable...
Malicious code in dmclc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 895439e6afba407fb85d315e2c99f0d1434905a1ee72b172e62d55abbb8c93a3 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...
Malicious code in financial-crimes-general-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 21f201c2aada618cb80f926b029f6b83b3f3bd9ffd0b35d5a4bb0c3aa1afd792 In specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing...
MAL-2026-1225 Malicious code in urllib-slim (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 acbcedbcc1d5bafffbb66128eae99b1fdc6c8e62b65bedd8f62ee2790919d972 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
WordPress plugin WP 404 Auto Redirect to Similar Post č·Øē«čę¬ę¼ę“
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2025-14338
Polkit authentication dis isabled by default and a race condition in the Polkit authorization check in versions before v0.69.0 can lead to the same issues as in CVE-2025-66005...
Correctness of Extended RSA Public Key Cryptosystem
This paper proposes an alternative approach to formally establishing the correctness of the RSA public key cryptosystem. The methodology presented herein deviates slightly from conventional proofs found in existing literature. Specifically, this study explores the conditions under which the choic...
MAL-2025-191757 Malicious code in hexdeclink (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4df8ddadb082a2d285b508fc17356d22ef0375649424cc39d9b08a9e32ab6684 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
EUVD-2025-117093
Malicious code in similar-lime-halibut npm...
EUVD-2025-95086
Malicious code in similarbonoboz3n npm...
EUVD-2025-78307
Malicious code in similarslugz3n npm...
MAL-2025-91804 Malicious code in vida-kue41-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d5cad985c0f5a15044fe14dbb3ffa136d8bb3051bf76ed31a8cd29cbafd40ac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-52020
Malicious code in similar-emerald-hawk npm...
EUVD-2025-52017
Malicious code in similar-yellow-vicuna npm...
EUVD-2025-52022
Malicious code in similar-amaranth-salamander npm...