161 matches found
OpenClaw 操作系统命令注入漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.19 had a vulnerability related to operating system command injection. This vulnerability stemmed from unsafe handling of the cmd metacharacters and extended sensitive characters...
EUVD-2026-12267
A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...
EUVD-2026-12269
A vulnerability was identified in bazinga012 mcpcodeexecutor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available...
CVE-2026-4198
A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...
CVE-2026-4199 bazinga012 mcp_code_executor index.ts installDependencies command injection
A vulnerability was identified in bazinga012 mcpcodeexecutor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available...
CVE-2026-4198
The CVE affects hypermodel-labs/mcp-server-auto-commit 1.0.0. The vulnerability is in the getGitChanges function of index.ts, enabling command injection via a local attack. An exploit has been publicly disclosed. A patch is available (hash: f7d992c830c5f2ec5749852e66c0195e3ed7fe30) and applying i...
EUVD-2026-11486
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...
CVE-2026-3964
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...
CVE-2026-3964
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...
CVE-2024-14026 QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...
PT-2026-24895
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...
MiracleLinux 7 : emacs-24.3-23.0.1.el7.AXS7 (AXSA:2024-8912:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8912:03 advisory. CVE-2024-48337: fix etags local command injection vulnerability CVEs: CVE-2024-48337 RESERVED This candidate has been reserved by an organization or individu...
CVE-2025-43940
Dell Unity, versions 5.5 and Prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...
PT-2025-41171
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.1.0.10 Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.25 Dell PowerProtect Data Domain versions 7.10.1.0 through 7.10.1.50 Description The software contains an Improper...
EUVD-2025-25251
Malicious code in bioql PyPI...
EUVD-2024-32561
Malicious code in bioql PyPI...
EUVD-2024-16121
Malicious code in bioql PyPI...
EUVD-2025-25253
Malicious code in bioql PyPI...
EUVD-2024-50278
Malicious code in bioql PyPI...
CVE-2025-10767
A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remoteupload/remotedownload of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration"PASSWORD" results in os command injection. The...