Lucene search
+L

2512 matches found

OSV
OSV
added 2026/07/02 4:5 p.m.11 views

GHSA-MHQ8-78PJ-5J79 OpenClaw's POSIX node system.run safe-bin allowlist could be widened by shell expansion

Summary On POSIX nodes, OpenClaw's system.run safe-bin checks could approve a command before shell expansion changed how the command was interpreted. A value that appeared to be a safe-bin argument could expand into additional shell words and become a file operand. This issue is limited to paired...

7.1CVSS6.1AI score0.00191EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 6:16 a.m.12 views

CVE-2026-13538

A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...

6.5CVSS0.01306EPSS
Exploits0References10
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:4 a.m.10 views

xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx()

...

7.8CVSS5.8AI score0.00135EPSS
Exploits0
EUVD
EUVD
added 2026/06/26 11:46 p.m.14 views

EUVD-2026-39485

pnpm: Reserved bin name deletes PNPMHOME during global remove...

6.5CVSS5.8AI score0.00286EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/26 2:9 a.m.10 views

SUSE CVE-2026-53239

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx Fix the race by pruning the bin while still holding xfrmpolicylock, before dropping it. Use xfrmpolicyinexactprunebin directly since the lock is already held...

7.8CVSS5.8AI score0.00135EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 6:16 p.m.12 views

CVE-2026-55699

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...

6.5CVSS0.00286EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/25 4:44 p.m.24 views

CVE-2026-55699 pnpm: reserved bin name deletes PNPM_HOME during global remove

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...

6.5CVSS0.00286EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 4:44 p.m.3 views

CVE-2026-55699 pnpm: reserved bin name deletes PNPM_HOME during global remove

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...

6.5CVSS5.9AI score0.00286EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:44 p.m.5 views

CVE-2026-55699

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...

6.5CVSS5.9AI score0.00286EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/25 4:44 p.m.24 views

CVE-2026-55699

CVE-2026-55699 affects pnpm. Prior to versions 10.34.2 and 11.5.3, manifest bin object keys such as "", ".", and ".." could bypass the bin-name guard. In a scenario where a malicious global package is installed, downstream global remove/update/add-replacement flows could re-derive those names and...

6.5CVSS5.9AI score0.00286EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/25 9:16 a.m.6 views

UBUNTU-CVE-2026-53239

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx Fix the race by pruning the bin while still holding xfrmpolicylock, before dropping it. Use xfrmpolicyinexactprunebin directly since the lock is already held...

7.8CVSS5.7AI score0.00135EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.32 views

CVE-2026-53239 xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx()

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx Fix the race by pruning the bin while still holding xfrmpolicylock, before dropping it. Use xfrmpolicyinexactprunebin directly since the lock is already held...

7.8CVSS0.00135EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 8:39 a.m.2 views

CVE-2026-53239 xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx()

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx Fix the race by pruning the bin while still holding xfrmpolicylock, before dropping it. Use xfrmpolicyinexactprunebin directly since the lock is already held...

7.8CVSS5.8AI score0.00135EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53239

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx Fix the race by pruning the bin while still holding xfrmpolicylock, before dropping it. Use xfrmpolicyinexactprunebin directly since the lock is already held...

5.7AI score0.00135EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/06/25 8:39 a.m.28 views

CVE-2026-53239

The CVE-2026-53239 issue is a Linux kernel use-after-free in the xfrm policy path, specifically in xfrm_policy_bysel_ctx(). A race between CPU0 deleting a policy and CPU1 rebuilding inexact policy bins can lead to UAF of the inexact bin, causing potential system instability or DoS. The fix prunes...

7.8CVSS5.7AI score0.00135EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53239

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx Fix the race by pruning the bin while still holding xfrmpolicylock, before dropping it. Use xfrmpolicyinexactprunebin directly since the lock is already held...

7.8CVSS5.6AI score0.00135EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 8:39 a.m.5 views

EUVD-2026-39330

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx Fix the race by pruning the bin while still holding xfrmpolicylock, before dropping it. Use xfrmpolicyinexactprunebin directly since the lock is already held...

5.7AI score0.00135EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52524

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.2 pnpm versions prior to 11.5.3 Description Manifest bin object keys such as "", ".", and ".." bypass the bin-name guard. If a malicious package is installed globally, subsequent global remove, update, or...

6.5CVSS5.8AI score0.00286EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52334

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the xfrm policy component. A race condition occurs in the xfrm policy bysel ctx function when xfrm policy lock is dropped before pruning the bin. If...

7.8CVSS6.1AI score0.00135EPSS
Exploits0References21
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:16 a.m.11 views

Malicious code in evil-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fafd2d99f9cf4494726ad31b7444c029e6af96702066992ae4b0741c5239b1a Package declares "bin": "node": "./shim.js" in package.json, which registers shim.js as the node command in nodemodules/.bin. In any environment wher...

6.2AI score
Exploits0References6
Rows per page
Query Builder