Lucene search
K

2507 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.9 views

CVE-2026-53831 OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

8.3CVSS5.3AI score0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.30 views

CVE-2026-53831 OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

8.3CVSS0.00191EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:56 p.m.26 views

CVE-2026-53831

OpenClaw

8.3CVSS5.3AI score0.00191EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/12 9:56 p.m.3 views

CVE-2026-53831 OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

7.6CVSS6AI score0.00191EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-49035

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description A policy enforcement issue exists in the system.run safe-bin allowlist validation on POSIX nodes. This flaw allows shell expansion to modify how commands are interpreted. Authenticated operators...

8.3CVSS5.2AI score0.00191EPSS
Exploits0References7
OSV
OSV
added 2026/06/11 5:5 a.m.11 views

MAL-2026-5582 Malicious code in wp-env (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec2e092036cea9a9b2563e18b3d588ab046800c2160fb820081423b909066759 Package squats the wp-env CLI name commonly invoked as npx wp-env by users intending @wordpress/env. The package ships only bin/run.js declared main:...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:34 p.m.20 views

Malicious code in mcp-server-sequential-thinking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 211672c16839ae6cd4e9f10810163da536480f07938b2d51c50ecbbb9f5e90ed Unscoped package impersonating the official @modelcontextprotocol/server-sequential-thinking MCP server. package.json declares postinstall: 'node...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/09 8:34 p.m.14 views

MAL-2026-5484 Malicious code in mcp-server-sequential-thinking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 211672c16839ae6cd4e9f10810163da536480f07938b2d51c50ecbbb9f5e90ed Unscoped package impersonating the official @modelcontextprotocol/server-sequential-thinking MCP server. package.json declares postinstall: 'node...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 6:3 p.m.17 views

Malicious code in fhirproxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96e092973bad8e995bdec34000e45943e0be59996e84f181ee4bee9cd423f8eb [email protected] is a thin loader package whose only behavior is to pull and execute the dependency fhirproxy-utils. package.json declares both...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/06/09 6:3 p.m.11 views

MAL-2026-5460 Malicious code in fhirproxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96e092973bad8e995bdec34000e45943e0be59996e84f181ee4bee9cd423f8eb [email protected] is a thin loader package whose only behavior is to pull and execute the dependency fhirproxy-utils. package.json declares both...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:34 p.m.20 views

Malicious code in o3forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d094d4429f1492bb6b99d802de86b97dc972e06d680a1287846e6d1635fe457 The package name impersonates the OpenMRS O3 forms ecosystem legitimate packages are published under the @openmrs/ scope. package.json declares an...

5.6AI score
Exploits0References2
NVD
NVD
added 2026/06/07 4:16 a.m.14 views

CVE-2026-11452

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS0.01681EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/07 3:15 a.m.14 views

EUVD-2026-34983

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS6.8AI score0.01681EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.14 views

CVE-2026-45154

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

2.6CVSS5.3AI score0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-31164

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS5.9AI score0.00279EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-31176

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunuser parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS5.9AI score0.00279EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.10 views

CVE-2026-31169

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS5.9AI score0.00279EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.11 views

CVE-2026-7138

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The explo...

10CVSS7.5AI score0.01766EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.11 views

CVE-2026-7242

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from...

10CVSS7.4AI score0.02452EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.7 views

CVE-2026-7243

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the...

10CVSS7.5AI score0.02448EPSS
Exploits0References1
Rows per page
Query Builder