2181 matches found
MAL-2026-2563 Malicious code in robase-installer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1edd96cface7dcae9f445d94982ffc19a27e557fae7030e77e6e5646dfdd5c98 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2561 Malicious code in robase-help (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b83143e22b0a815d6a2702f547ae9f4620ee086c8b9360a0d60ff2ed2186d56b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in robase-help (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b83143e22b0a815d6a2702f547ae9f4620ee086c8b9360a0d60ff2ed2186d56b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2559 Malicious code in databasesupalake (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 78dbe2b5e300604ea36dc85a6b0e9eae4e92b7b3729de10b3951f5e3bfc7729b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in api-analysis (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c3bf88cef3ca699f69bada95749b40c4426c9a9c528e53c473698be88cbdc783 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2556 Malicious code in api-analysis (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c3bf88cef3ca699f69bada95749b40c4426c9a9c528e53c473698be88cbdc783 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2558 Malicious code in robase-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e68a1df331005b75fc4c5e3aac4adf912ec273dd9c6fa671128aa73c96e3a935 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2557 Malicious code in databasesupasafe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 462606bd9f9e3129dcfdd3d667ea6d87e8f58f32ee61727dc133ecb9465d9e37 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in databasesupasafe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 462606bd9f9e3129dcfdd3d667ea6d87e8f58f32ee61727dc133ecb9465d9e37 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in roboat-utilities (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 615237831a485ffde23ee69088df25f4ef45d00e99aab6fff27b7ee28f781890 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in robase (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f128f86ab257491fc121f6b5d630cf37776085c139f199ec930ec16a31691855 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2543 Malicious code in robase (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f128f86ab257491fc121f6b5d630cf37776085c139f199ec930ec16a31691855 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in databasetrace (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 144ff96bc84711f9be4c580e9d4b4cdcc650d9faf2f6ca9008ca34234d888805 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2542 Malicious code in databasetrace (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 144ff96bc84711f9be4c580e9d4b4cdcc650d9faf2f6ca9008ca34234d888805 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
CVE-2026-40180
Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...
CVE-2026-40180 Zip Slip Path Traversal in quarkus-openapi-generator ApicurioCodegenWrapper class
Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...
EUVD-2026-21583
Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...
CVE-2026-35666
OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands...
CVE-2026-35666 OpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch Wrapper
OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands...
Quarkus OpenAPI Generator 路径遍历漏洞
Quarkus OpenAPI Generator is an open-source code generation tool based on the OpenAPI specification, developed by Quarkiverse Hub. Versions of Quarkus OpenAPI Generator prior to 2.16.0 and 2.15.0-lts contained a path traversal vulnerability. This vulnerability stemmed from the unzip method in...