Lucene search
K

98 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in solana-key-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...

6.4AI score
Exploits0References4
OSV
OSV
added yesterday4 views

MAL-2026-10572 Malicious code in eth-wallet-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 517d465272a3a1d252e83e178bb263a1ccf600b42fed6d5aa1d110b9141fc77a On require of index.js, a delayed IIFE reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd.js mode 0o700, and spawns...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in abi-encode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afc61427f74a028242a032b9436c09c43b1df60fef5688aa5389ef107e899259 The package advertises ABI encoding but on require schedules a 37-second timer that decodes test/fixtures/keypairs.dat base64-encoded stealer, staged...

6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58181

Name of the Vulnerable Software and Affected Versions Windows Internal Task Bar affected versions not specified Description A use-after-free condition in the Windows Internal Task Bar allows an authorized local attacker to elevate their privileges. Use-after-free is a memory corruption issue that...

7.8CVSS6.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.5 views

CVE-2026-22176

OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...

7.8CVSS6.1AI score0.00637EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.4 views

PT-2026-27221

OpenClaw versions prior to 2026.2.18 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written unquoted to gateway.cmd, allowing shell metacharacters to break out of assignment context. Attackers can inject arbitrary commands...

7.4CVSS6AI score
Exploits0References4
Cvelist
Cvelist
added 2026/03/19 1:0 a.m.27 views

CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.1CVSS0.00571EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 1:0 a.m.3 views

CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

6.9CVSS7.3AI score0.00571EPSS
Exploits0References5
CVE
CVE
added 2026/03/19 1:0 a.m.38 views

CVE-2026-22176

OpenClaw vulnerable versions prior to 2026.2.19 expose a command-injection in Windows Scheduled Task script generation. The flaw arises when environment variables are written to gateway.cmd with unquoted set KEY=VALUE assignments, allowing metacharacters (e.g., &, |, ^, %, !) to break out of the ...

7.8CVSS6.1AI score0.00637EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/19 1:0 a.m.6 views

CVE-2026-22176 OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...

6.9CVSS7.3AI score0.00637EPSS
Exploits0References5
OSV
OSV
added 2026/03/03 9:50 p.m.6 views

GHSA-PJ5X-38RW-6FPH OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation

Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...

7.1CVSS6AI score0.00637EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.6 views

PT-2026-26221

Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...

7.8CVSS5.8AI score0.00637EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.9 views

CVE-2021-31989

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices...

5.3CVSS6.8AI score0.00397EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2025/11/07 7:46 p.m.10 views

Metasploit Wrap-Up 11/07/2025

New module content 3 Centreon authenticated command injection leading to RCE via broker engine "reload" parameter Author: h00die-gr3y [email protected] Type: Exploit Pull request: 20672 contributed by h00die-gr3y Path: linux/http/centreonauthrcecve20255946 AttackerKB reference: CVE-2025-5946...

7.2CVSS8.1AI score0.13843EPSS
Exploits2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-18861

Malware in sbrugna...

5.3CVSS5.6AI score0.00397EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-1589

Malware in sbrugna...

7.8CVSS6.5AI score0.02058EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-2621

Malware in sbrugna...

7.2CVSS6.1AI score0.03587EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2023-25708

Malicious code in bioql PyPI...

7.8CVSS7.9AI score0.00562EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-43935

Malicious code in bioql PyPI...

7.8CVSS6.2AI score0.00611EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/06/18 12:0 a.m.14 views

The vulnerability of the Task Scheduler in Windows operating systems allows a malicious individual to escalate their privileges.

The vulnerability of the Task Scheduler in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to increase their privileges...

8.4CVSS5.4AI score0.00429EPSS
Exploits0References2
Rows per page
Query Builder