Malicious code in api-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3bf88cef3ca699f69bada95749b40c4426c9a9c528e53c473698be88cbdc783 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2558 Malicious code in robase-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e68a1df331005b75fc4c5e3aac4adf912ec273dd9c6fa671128aa73c96e3a935 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2557 Malicious code in databasesupasafe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 462606bd9f9e3129dcfdd3d667ea6d87e8f58f32ee61727dc133ecb9465d9e37 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in databasesupasafe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 462606bd9f9e3129dcfdd3d667ea6d87e8f58f32ee61727dc133ecb9465d9e37 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in roboat-utilities (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 615237831a485ffde23ee69088df25f4ef45d00e99aab6fff27b7ee28f781890 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2543 Malicious code in robase (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f128f86ab257491fc121f6b5d630cf37776085c139f199ec930ec16a31691855 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in robase (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f128f86ab257491fc121f6b5d630cf37776085c139f199ec930ec16a31691855 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in databasetrace (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 144ff96bc84711f9be4c580e9d4b4cdcc650d9faf2f6ca9008ca34234d888805 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2542 Malicious code in databasetrace (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 144ff96bc84711f9be4c580e9d4b4cdcc650d9faf2f6ca9008ca34234d888805 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

CVE-2026-40180

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

EUVD-2026-21583

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

CVE-2026-40180 Zip Slip Path Traversal in quarkus-openapi-generator ApicurioCodegenWrapper class

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

CVE-2026-35666

OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands...

CVE-2026-35666 OpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch Wrapper

OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands...

Quarkus OpenAPI Generator 路径遍历漏洞

Quarkus OpenAPI Generator is an open-source code generation tool based on the OpenAPI specification, developed by Quarkiverse Hub. Versions of Quarkus OpenAPI Generator prior to 2.16.0 and 2.15.0-lts contained a path traversal vulnerability. This vulnerability stemmed from the unzip method in...

GHSA-7437-7HG8-FRRW OpenClaw: HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS missing from exec env denylist — RCE via build tool env injection (GHSA-cm8v-2vh9-cxf3 class)

Impact HGRCPATH, CARGOBUILDRUSTCWRAPPER, RUSTCWRAPPER, and MAKEFLAGS missing from exec env denylist — RCE via build tool env injection GHSA-cm8v-2vh9-cxf3 class. Missing denylist entries allowed hostile build-tool environment variables to influence host exec commands. OpenClaw is a user-controlle...

Incomplete List of Disallowed Inputs

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the handling of environment variables in the exec env denylist. An attacker can execute arbitrary commands by injecting malicious values into...

The long road to your crypto: ClipBanker and its marathon infection chain

At the start of the year, a certain Trojan caught our eye due to its incredibly long infection chain. In most cases, it kicks off with a web search for "Proxifier". Proxifiers are speciaized software designed to tunnel traffic for programs that do not natively support proxy servers. They are a...

GHSA-JX2W-VP7F-456Q quarkus-openapi-generator extension has Zip Slip Path Traversal in ApicurioCodegenWrapper class

Summary A path traversal vulnerability was discovered in the quarkus-openapi-generator extension Details The unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output directory. At line 101, the destination is...

MAL-2026-2512 Malicious code in roboat-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 206186397510c57a9f8cb5e6ca8bdf9d5e1349b99e73f8d06da13e687924feea This package is a malicious clone of a legitimate Roblox API wrapper. The new versions are published simultaneously with publishing malicious dependencies and...