Lucene search
K

115 matches found

OSV
OSV
added 2026/07/02 4:5 p.m.7 views

GHSA-MHQ8-78PJ-5J79 OpenClaw's POSIX node system.run safe-bin allowlist could be widened by shell expansion

Summary On POSIX nodes, OpenClaw's system.run safe-bin checks could approve a command before shell expansion changed how the command was interpreted. A value that appeared to be a safe-bin argument could expand into additional shell words and become a file operand. This issue is limited to paired...

7.1CVSS6.1AI score0.00191EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 3:42 p.m.5 views

MAL-2026-6529 Malicious code in @immobiliarelabs/backstage-plugin-ldap-auth-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbe41ed7d4257171c43c1047d7fde036575b57305b26d18cec61d1f1a20d33b1 The package ships a binding.gyp at the package root containing GYP command-expansion syntax !... in its sources/targets configuration binding.gyp lin...

5.9AI score
Exploits0References5
OSV
OSV
added 2026/06/26 3:42 p.m.8 views

MAL-2026-6528 Malicious code in @immobiliarelabs/backstage-plugin-ldap-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e447b204a3dbe39ad2390ad721dfc14f32b64e2c27d8b4efaf99a27e9cde7b92 The package ships a binding.gyp at the tarball root that contains GYP command-expansion syntax !... / !@... in its sources/targets configuration...

6.5AI score
Exploits0References5
NVD
NVD
added 2026/06/12 10:16 p.m.17 views

CVE-2026-53831

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

8.3CVSS0.00191EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.9 views

CVE-2026-53831 OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

8.3CVSS5.3AI score0.00191EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:56 p.m.25 views

CVE-2026-53831

OpenClaw

8.3CVSS5.3AI score0.00191EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.30 views

CVE-2026-53831 OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

8.3CVSS0.00191EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-45255

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

7.5CVSS5.8AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-44115

OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime...

8.8CVSS6AI score0.00362EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-44461

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable key...

8.6CVSS6.1AI score0.00257EPSS
Exploits1References2
NVD
NVD
added 2026/05/28 5:16 p.m.17 views

CVE-2026-44461

Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...

8.6CVSS0.00257EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/28 4:8 p.m.9 views

CVE-2026-44461 Zed: Remote Command Injection via Unquoted Environment Variable Keys (SSH / WSL Remote)

Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...

8.6CVSS6.2AI score0.00257EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/28 4:8 p.m.14 views

EUVD-2026-32936

Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...

8.6CVSS6.2AI score0.00257EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/28 2:15 p.m.14 views

CVE-2026-44723

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/pythonchecks.yml embeds $ github.event.pullrequest.title directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script...

9.9CVSS6.1AI score0.00469EPSS
Exploits1References1
NVD
NVD
added 2026/05/21 10:16 a.m.17 views

CVE-2026-45255

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

7.5CVSS0.00305EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 9:27 a.m.42 views

CVE-2026-45255 Remote code execution via installer Wi-Fi access point scans

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

0.00305EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:27 a.m.7 views

CVE-2026-45255

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

7.5CVSS6AI score0.00305EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.9 views

FreeBSD : FreeBSD -- Remote code execution via installer Wi-Fi access point scans (039c0ab0-54b7-11f1-8d7a-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 039c0ab0-54b7-11f1-8d7a-bc241121aa0a advisory. When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of...

7.5CVSS5.7AI score0.00305EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Gegl

The loadcache function in GEGL before version 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This issue arises due to the use of the system library function for executing the ImageMagick convert fallback in magick-load. NOTE: GEGL versions...

7.8CVSS7.1AI score0.01439EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/20 12:0 a.m.28 views

FreeBSD Security Advisory - FreeBSD-SA-26:23.bsdinstall

FreeBSD Security Advisory - When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not...

7.5CVSS5.9AI score0.00305EPSS
Exploits0
Rows per page
Query Builder