CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

108 matches found

RedhatCVE•added 2026/05/11 8:26 p.m.•5 views

CVE-2025-69599

RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration...

9.8CVSS5.8AI score0.00056EPSS

Exploits0References1

Vulnrichment•added 2026/05/08 12:0 a.m.•4 views

CVE-2025-69599

5.8AI score0.00056EPSS

Exploits0References2

ATTACKERKB•added 2026/05/08 12:0 a.m.•4 views

CVE-2025-69599

5.8AI score0.00056EPSS

Exploits0References3

Snyk•added 2026/02/02 11:39 p.m.•1 views

Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user can execute arbitrary commands within the container context ...

8.8CVSS5.8AI score0.00089EPSS

Exploits1References2

ATTACKERKB•added 2026/02/02 7:49 p.m.•6 views

CVE-2026-24051

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

7CVSS5.7AI score0.00014EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/02/02 12:0 a.m.•2 views

PT-2026-5722

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.1.29 Description OpenClaw, formerly Clawdbot, a personal AI assistant, had a command injection issue in its Docker sandbox execution mechanism. This was due to unsafe handling of the PATH environment variable wh...

8.8CVSS5.7AI score0.00089EPSS

Exploits1References22

RedhatCVE•added 2026/01/09 10:44 a.m.•4 views

CVE-2022-26526

Anaconda Anaconda3 Anaconda Distribution through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...

7.8CVSS6.9AI score0.00135EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:58 a.m.•5 views

CVE-2020-7458

In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posixspawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution...

9.8CVSS7.5AI score0.01568EPSS

Exploits0References1

RedHat Linux•added 2025/12/22 1:35 a.m.•1 views

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

6.5CVSS5.7AI score0.00033EPSS

Exploits1References8

Tenable Nessus•added 2025/11/04 12:0 a.m.•3 views

TencentOS Server 4: grafana-pcp (TSSA-2025:0833)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0833 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.5CVSS6.7AI score0.00033EPSS

Exploits1References2