
Trending Vulnerabilities

Real-time threat radar – CVEs ranked by multi-signal trending score

Summary counters: 1 trending CVE, 16 advisories, 0 critical, 1 high, 0 KEV, 1 with PoC available (17 trending items).
How trending scores work

Each CVE is scored by accumulating heat signals within 48h of publication. Score decays 20%/day after 3 days.

Signal weights:
  +5  CISA KEV
  +4  EPSS > 0.5
  +4  PoC published within 48h
  +3  CISA / CERT-EU advisory
  +3  SSVC: active exploitation
  +2  Multi-vendor patches
  +2  User stacks affected
  +2  ZDI advisory
  +1 to +3  News mentions

Score 7 (GHSA)
A critical policy-enforcement flaw in the openclaw npm package (versions prior to 2026.4.29) allows a QQBot sender to invoke exported admin commands while bypassing both the QQBot-specific DM-only restriction and the allowFrom access controls. When the affected feature is enabled and reachable by lower-trust input, an attacker can trigger admin-level behavior from a sender or context that the operator's policy was explicitly configured to block, nullifying access-boundary enforcement without any authenticated operator credentials.

The vulnerability is scoped to the QQBot integration surface; OpenClaw's broader trusted-operator model for authenticated Gateway operators and installed plugins is not directly affected by this flaw. The package has, however, faced concurrent supply chain scrutiny, including a February 2026 incident in which cline@2.3.0 silently installed openclaw on approximately 4,000 machines before the malicious version was deprecated.

Operators should upgrade to openclaw 2026.4.29 immediately; it is the first stable release containing the fix. Those unable to patch should disable exported QQBot admin commands or restrict QQBot access entirely until the update can be applied. As additional hardening, audit channel and tool allowlists to ensure they are narrowly scoped, avoid sharing a single Gateway instance between mutually untrusted users, and disable any QQBot admin features the deployment does not actively require.
Tags: News Buzz, CVSS 9+ | 6 news mentions
Score 7 (GHSA)
The npm package @webda-infra/search has been identified as malicious across all published versions (>= 0): a supply chain attack against JavaScript developers who install it directly or pull it in as a transitive dependency. Any system that has executed this package must be treated as fully compromised: the attacker may have gained complete control of the host, including access to environment variables, credential stores, SSH keys, API tokens, and any other secret reachable by the Node.js process. The news articles linked here contain no reporting specific to this package, so publication dates, download counts, and payload details are not available from the supplied sources.

Remove @webda-infra/search from all environments immediately, but do not treat removal as sufficient remediation: arbitrary code may already have run and persisted further malware. Rotate every secret, API key, cloud credential, and token present on affected machines, doing so from a clean, unaffected system, and reimage affected hosts rather than patching them in place. There is no safe version of this package. Blocklist it outright in dependency allow-lists and artifact registries, and treat any CI/CD pipeline or developer machine that ran a build pulling this dependency as a compromised node in your environment.
Tags: News Buzz, CVSS 9+ | 5 news mentions
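Because the package may arrive transitively, a grep of package.json is not enough; the lockfile records every installed copy, including nested ones. The script below is an added example for this page, not code from the advisory source: it walks the "packages" map of a package-lock.json (lockfileVersion 2 or 3, as written by npm 7+) and reports every copy of a blocklisted package together with the packages that declare a dependency on it. The blocklist holds the names from the advisories on this page; the sample lockfile, the fictional package "example-widget" and the dependency edges in it are constructed for the example.

```javascript
// Added example (not code from the advisory source): audit a package-lock.json
// for packages that are malicious in every published version, including
// copies pulled in transitively and copies nested under other packages.
// Requires lockfileVersion 2 or 3 (the "packages" map written by npm 7+).

// Package names taken from the advisories on this page; none has a safe version.
const BLOCKLIST = new Set([
  '@webda-infra/search',
  '@alerts/components',
  '@ddh-libs/analytics',
  '@ms-ows/logging',
  '@node-cloud/create',
  '@content-editor/common',
]);

// Lockfile keys are install paths such as "node_modules/a/node_modules/@scope/b".
// The package name is whatever follows the last "node_modules/" segment.
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// True if a lockfile entry declares `name` in any dependency field.
function declares(meta, name) {
  return ['dependencies', 'devDependencies', 'optionalDependencies'].some(
    (field) => Object.prototype.hasOwnProperty.call(meta[field] || {}, name),
  );
}

// Returns one record per blocklisted package found in the lockfile:
// { name, version, path, transitive, requiredBy }.
// `transitive` is true when the root project does not declare the package
// itself, which is exactly the case a look at package.json would miss.
function auditLockfile(lock, blocklist = BLOCKLIST) {
  if (!lock.packages) {
    throw new Error('lockfileVersion 1 has no "packages" map; regenerate the lockfile with npm 7+');
  }
  const entries = Object.entries(lock.packages);
  const hits = [];
  for (const [lockPath, meta] of entries) {
    if (lockPath === '') continue; // the root project entry
    const name = packageNameFromPath(lockPath);
    if (name === null || !blocklist.has(name)) continue;
    const requiredBy = entries
      .filter(([, m]) => declares(m, name))
      .map(([p]) => (p === '' ? '<root>' : packageNameFromPath(p)));
    hits.push({
      name,
      version: meta.version,
      path: lockPath,
      transitive: !requiredBy.includes('<root>'),
      requiredBy,
    });
  }
  return hits;
}

// Constructed sample lockfile: "@alerts/components" is a direct dependency,
// "@webda-infra/search" arrives only through the fictional "example-widget".
const SAMPLE_LOCK = {
  name: 'sample-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '1.0.0',
          dependencies: { 'example-widget': '^1.3.0', '@alerts/components': '^2.1.0' } },
    'node_modules/example-widget': { version: '1.3.0',
                                     dependencies: { '@webda-infra/search': '^1.0.0' } },
    'node_modules/@webda-infra/search': { version: '1.0.3' },
    'node_modules/@alerts/components': { version: '2.1.0' },
    'node_modules/lodash': { version: '4.17.21' },
  },
};

// Stand-alone use: `node audit-lock.js [path/to/package-lock.json]`.
// Without a path it audits the constructed sample; with a path it exits
// non-zero when the lockfile contains a blocklisted package.
if (typeof require !== 'undefined' && require.main === module) {
  const lock = process.argv[2]
    ? JSON.parse(require('fs').readFileSync(process.argv[2], 'utf8'))
    : SAMPLE_LOCK;
  const hits = auditLockfile(lock);
  for (const h of hits) {
    const how = h.transitive ? `transitive via ${h.requiredBy.join(', ')}` : 'direct dependency';
    console.log(`BLOCKLISTED ${h.name}@${h.version} at ${h.path} (${how})`);
  }
  if (process.argv[2]) process.exitCode = hits.length ? 1 : 0;
}

if (typeof module !== 'undefined') {
  module.exports = { BLOCKLIST, packageNameFromPath, declares, auditLockfile, SAMPLE_LOCK };
}
```

Run it against every package-lock.json in CI and on developer machines, not only the repository root. A clean lockfile today does not clear a host: the page's point is that any machine whose build ever pulled the package has already executed it, so lockfile history (git log on the lockfile) and CI build logs are what tell you which hosts need rotation and reimaging. yarn.lock and pnpm-lock.yaml use different formats and are not handled here.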
Score | Source | Entry | Tags | News mentions
7 | MAL | MAL-2026-6599 (CRITICAL): Malicious code in @alerts/components (npm) | News Buzz, CVSS 9+, Supply Chain | 4
7 | MAL | MAL-2026-6612 (CRITICAL): Malicious code in @ddh-libs/analytics (npm) | News Buzz, CVSS 9+, Supply Chain | 4
7 | MAL | MAL-2026-6633 (CRITICAL): Malicious code in @ms-ows/logging (npm) | News Buzz, CVSS 9+, Supply Chain | 3
7 | MAL | MAL-2026-6741 (CRITICAL): Malicious code in @node-cloud/create (npm) | News Buzz, CVSS 9+, Supply Chain | 3
7 | MAL | MAL-2026-6607 (CRITICAL): Malicious code in @content-editor/common (npm) | News Buzz, CVSS 9+, Supply Chain | 3
6 | GHSA | Malware in @ddh-libs/analytics | News Buzz, CVSS 9+ | 4
6 | GHSA | Malware in @alerts/components | News Buzz, CVSS 9+ | 4
6 | GHSA | Malware in @node-cloud/create | News Buzz, CVSS 9+ | 3
6 | GHSA | Malware in @content-editor/common | News Buzz, CVSS 9+ | 3
6 | GHSA | Malware in @ms-ows/logging | News Buzz, CVSS 9+ | 3

The five GHSA entries cover the same five npm packages as the MAL advisories above them; each package appears twice in the feed because two sources reported it.
