CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/06/01 3:15 a.m.•7 views

CVE-2026-10219 nextlevelbuilder GoClaw write_file Tool fsbridge.go FsBridge.WriteFile os command injection

CVE•added 2026/06/01 3:15 a.m.•15 views

CVE-2026-10219

CVE-2026-10219 affects NextLevelBuilder GoClaw up to version 3.11.3. The vulnerability lies in the function FsBridge.WriteFile (internal/sandbox/fsbridge.go) where manipulation can cause an OS command injection. The issue is exploitable remotely and an exploit has been made public. A patch is not...

CVE•added 2026/06/01 2:0 a.m.•15 views

CVE-2026-10214

The CVE affects zhayujie chatgpt-on-wechat Bash Tool (up to 2.0.8). The vulnerability is in agent/tools/bash/bash.py, _get_safety_warning, enabling os command injection via manipulated input and allowing remote exploitation. Exploit code is public (PoC), with the patch in version 2.0.9 (commit 16...

Positive Technologies•added 2026/06/01 12:0 a.m.•14 views

PT-2026-45246

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function get safety warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit...

CNNVD•added 2026/06/01 12:0 a.m.•6 views

Exploits0References8

goclaw operating system command injection vulnerability

Goclaw is an open-source multi-tenant AI agent platform developed by Next Level Builder. Goclaw versions 3.11.3 and earlier contained a vulnerability related to operating system command injection. This vulnerability originated from the FsBridge.WriteFile function in the internal/sandbox/fsbridge....

7.5CVSS7.4AI score0.01761EPSS

CNNVD•added 2026/06/01 12:0 a.m.•6 views

CowAgent operating system command injection vulnerability

CowAgent is an intelligent assistant and scalable agent framework developed by zhayujie’s individual developer. Versions of CowAgent 2.0.8 and earlier had a vulnerability related to operating system command injection. This vulnerability stems from the getsafetywarning function in the...

7.5CVSS7.4AI score0.01761EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•11 views

PT-2026-45251

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely...

NVD•added 2026/05/31 2:16 p.m.•9 views

Exploits0References8

CVE-2026-10182

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly...

6.5CVSS0.01433EPSS

EUVD•added 2026/05/31 1:0 p.m.•9 views

EUVD-2026-33504

6.5CVSS6.4AI score0.01433EPSS

CVE•added 2026/05/31 1:0 p.m.•9 views

CVE-2026-10182

CVE-2026-10182 affects TRENDnet TEW-432BRP firmware 3.10B20. The vulnerable element is the function /goform/formWlanSetup (formWlanSetup) where manipulating the argument enrollee can cause a command injection . The issue is exploitable remotely, and public disclosure of the exploit is indicated. ...

6.5CVSS6.4AI score0.01433EPSS

ATTACKERKB•added 2026/05/31 1:0 p.m.•8 views

CVE-2026-10182

6.5CVSS6.4AI score0.01433EPSS

Exploits0References5Affected Software1

NVD•added 2026/05/31 12:16 p.m.•10 views

CVE-2026-10180

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

6.5CVSS0.01433EPSS

CVE•added 2026/05/31 11:15 a.m.•15 views

CVE-2026-10180

TRENDnet TEW-432BRP firmware 3.10B20 is affected by CVE-2026-10180 in the formSysCmd function of /goform/formSysCmd, enabling remote command injection via manipulation of the sysCmd argument. The vulnerability status is tied to product EOL (since 2009) with the vendor stating they cannot replicat...

ATTACKERKB•added 2026/05/31 11:15 a.m.•8 views

CVE-2026-10180

Exploits0References5Affected Software1

EUVD•added 2026/05/31 11:15 a.m.•10 views

EUVD-2026-33500

OSV•added 2026/05/31 1:30 a.m.•5 views

MAL-2026-5093 Malicious code in h4xupdate (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0de4da975d7b071824607be751a9ea0fb13e409eaef58d1cc0628263d5dea700 Package contains a remote control tool taking orders from a hardcoded Telegram bot. The authorship impersonate legitimate company. --- Category: MALICIOUS - Th...

6AI score

Exploits0References1

CNNVD•added 2026/05/31 12:0 a.m.•6 views

Edimax BR-6478AC 命令注入漏洞

The Edimax BR-6478AC is a dual-band Gigabit router produced by Edimax Corporation. The Edimax BR-6478AC version 1.23 has a command injection vulnerability. This vulnerability stems from an operation called “rootAPmac” in the function “formWlbasic” of the component “POST Request Handler”. This...

6.5CVSS6.5AI score0.01409EPSS

Positive Technologies•added 2026/05/31 12:0 a.m.•8 views

PT-2026-45190