29 matches found
CVE-2026-45082 Karakeep has a SSRF Protection Bypass via Redirect Handling
Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...
EUVD-2026-31493
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...
PT-2026-42830
Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The vllm-metal inference backend unconditionally sets trust remote code=True when loading model tokenizers and operates without sandboxing. This allows the...
CVE-2026-42088
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the...
CVE-2026-42088
Summary: CVE-2026-42088 affects OpenC3 COSMOS before 7.0.0-rc3. The Script Runner widget in the openc3-COSMOS-script-runner-api container allows any user with script permissions to bypass API checks and perform administrative actions across the docker network. This can enable reading/modifying da...
EUVD-2026-27065
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the...
PT-2026-36882
Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions prior to 7.0.0-rc3 Description The Script Runner widget allows users to execute Python and Ruby scripts directly from the 'openc3-COSMOS-script-runner-api' container. Since all Docker containers share a network, users ca...
GHSA-2WVH-87G2-89HR OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool
Vulnerability Type: Execution with Unnecessary Privileges Attack type: Authenticated remote Impact: Data disclosure/manipulation, privilege escalation Affected components: The following docker images: • Openc3inc/openc3-COSMOS-script-runner-api The Script Runner widget allows users to execute...
OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool
Vulnerability Type: Execution with Unnecessary Privileges Attack type: Authenticated remote Impact: Data disclosure/manipulation, privilege escalation Affected components: The following docker images: • Openc3inc/openc3-COSMOS-script-runner-api The Script Runner widget allows users to execute...
CVE-2026-34977
Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. This password is then directly passed into an expect command, which is then subsequently passed into a bash -c command, without any form o...
CVE-2026-34977
Aperi'Solve is an open-source steganalysis web platform. Prior to version 3.2.1, uploading a JPEG with an optional password leads the password to be passed into an expect command and then into a bash -c command without sanitization. An unauthenticated attacker can achieve root-level RCE inside th...
EUVD-2026-19361
Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. This password is then directly passed into an expect command, which is then subsequently passed into a bash -c command, without any form o...
CVE-2026-34977 Aperi'Solve Affected by Unauthenticated RCE via JPSeek Analyzer Command
Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. This password is then directly passed into an expect command, which is then subsequently passed into a bash -c command, without any form o...
CVE-2026-32038
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...
CVE-2026-32038
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...
CVE-2026-32038
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...
CVE-2026-32038 OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...
EUVD-2026-13324
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...
CVE-2026-32038
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...
CVE-2026-32038 OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...