98 matches found
Malicious code in solana-key-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...
MAL-2026-10572 Malicious code in eth-wallet-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 517d465272a3a1d252e83e178bb263a1ccf600b42fed6d5aa1d110b9141fc77a On require of index.js, a delayed IIFE reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd.js mode 0o700, and spawns...
Malicious code in abi-encode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afc61427f74a028242a032b9436c09c43b1df60fef5688aa5389ef107e899259 The package advertises ABI encoding but on require schedules a 37-second timer that decodes test/fixtures/keypairs.dat base64-encoded stealer, staged...
PT-2026-58181
Name of the Vulnerable Software and Affected Versions Windows Internal Task Bar affected versions not specified Description A use-after-free condition in the Windows Internal Task Bar allows an authorized local attacker to elevate their privileges. Use-after-free is a memory corruption issue that...
CVE-2026-22176
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...
PT-2026-27221
OpenClaw versions prior to 2026.2.18 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written unquoted to gateway.cmd, allowing shell metacharacters to break out of assignment context. Attackers can inject arbitrary commands...
CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...
CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...
CVE-2026-22176
OpenClaw vulnerable versions prior to 2026.2.19 expose a command-injection in Windows Scheduled Task script generation. The flaw arises when environment variables are written to gateway.cmd with unquoted set KEY=VALUE assignments, allowing metacharacters (e.g., &, |, ^, %, !) to break out of the ...
CVE-2026-22176 OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...
GHSA-PJ5X-38RW-6FPH OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation
Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...
PT-2026-26221
Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...
CVE-2021-31989
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices...
Metasploit Wrap-Up 11/07/2025
New module content 3 Centreon authenticated command injection leading to RCE via broker engine "reload" parameter Author: h00die-gr3y [email protected] Type: Exploit Pull request: 20672 contributed by h00die-gr3y Path: linux/http/centreonauthrcecve20255946 AttackerKB reference: CVE-2025-5946...
EUVD-2021-18861
Malware in sbrugna...
EUVD-2019-1589
Malware in sbrugna...
EUVD-2015-2621
Malware in sbrugna...
EUVD-2023-25708
Malicious code in bioql PyPI...
EUVD-2024-43935
Malicious code in bioql PyPI...
The vulnerability of the Task Scheduler in Windows operating systems allows a malicious individual to escalate their privileges.
The vulnerability of the Task Scheduler in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to increase their privileges...