13 matches found
CVE-2026-26323 OpenClaw has a command injection in maintainer clawtributors updater
OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script scripts/update-clawtributors.ts. The issue affects contributors/maintainers or CI who run bun scripts/update-clawtributors.ts in a source checkout that contains a malicio...
CVE-2023-25394
Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours...
EUVD-2017-17792
Malware in sbrugna...
EUVD-2023-29350
Malicious code in bioql PyPI...
CVE-2023-25394
CVE-2023-25394 affects the Videostream macOS app (versions 0.4.3–0.5.0). The root cause is a race condition in the Updater privileged script that runs every 5 hours, during which a low-privileged attacker could influence the update process and replace update files. CERT/CC corroborates a root-pri...
PT-2023-20044 · Unknown · Videostream
Name of the Vulnerable Software and Affected Versions: Videostream macOS app versions 0.4.3 through 0.5.0. Description: The issue is related to a Race Condition in the Videostream macOS app. The Updater privileged script attempts to update Videostream every 5 hours. Recommendations: For versions...
CVE-2020-27464
An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file...
OnePlus OTA One/X Crossover Vulnerability (CVE-2017-8851)
Products: OnePlus X, OnePlus One. Vulnerable Version: All OnePlus OxygenOS & HydrogenOS OTAs. Technical Details: Due to lenient updater-script on the OnePlus One & X’s OTA images (see below), the fact both products use the same OTA verification keys, and the fact both products share the same...
Design/Logic Flaw
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on...
Code injection
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for...
CVE-2017-8850
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for...
Mozilla Firefox Multiple Vulnerabilities (Aug 2015) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:firefox";...