Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

30699 matches found

EUVD
EUVDadded 2026/03/31 12:31 p.m.3 views

EUVD-2026-17379

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

7.3CVSS6AI score0.00021EPSS
Exploits0References3
NVD
NVDadded 2026/03/31 12:16 p.m.2 views

CVE-2026-32971

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

8CVSS0.00021EPSS
Exploits0References2
GithubExploit
GithubExploitadded 2026/03/31 12:10 p.m.139 views

Exploit for Missing Authentication for Critical Function in Projectsend

ProjectSend CVE-2024-11680 Exploit This is a proof-of-concept...

9.8CVSS7.9AI score0.9349EPSS
Exploits4
CVE
CVEadded 2026/03/31 11:17 a.m.6 views

CVE-2026-32971

CVE-2026-32971 (OpenClaw) affects OpenClaw prior to version 2026.3.11, in the node-host approval UI for system.run approvals. The root cause is an approval-integrity vulnerability that displays extracted shell payloads instead of the executed argv, enabling wrappers to be placed and wrapper-shape...

8CVSS6AI score0.00021EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/03/31 11:17 a.m.21 views

CVE-2026-32971 OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

7.3CVSS0.00021EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/03/31 11:17 a.m.3 views

CVE-2026-32971

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

7.3CVSS6AI score0.00021EPSS
Exploits0References3
CVE
CVEadded 2026/03/31 11:17 a.m.6 views

CVE-2026-32917

OpenClaw prior to 2026.3.13 is affected by a remote command injection vulnerability in the iMessage attachment staging flow. The issue arises because unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP remote operand without validation, allowing arbi...

9.8CVSS6.4AI score0.00604EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/03/31 11:17 a.m.18 views

CVE-2026-32917 OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP

OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters...

9.8CVSS0.00604EPSS
Exploits0References3
Veracode
Veracodeadded 2026/03/31 11:2 a.m.2 views

Arbitrary Code Execution.

@anthropic-ai/claude-code is vulnerable to Arbitrary code execution. The vulnerability is due to improper parsing of shell commands involving $IFS and short CLI flags, which allows an attacker to bypass read-only validation and execute arbitrary code by injecting untrusted content into the contex...

9.8CVSS6.2AI score0.00039EPSS
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notesadded 2026/03/31 6:53 a.m.3 views

Security information for Hitachi Disk Array Systems

Overview CVE-2026-20846 | GDI+ Denial of Service Vulnerability CVE-2026-21222 | Windows Kernel Information Disclosure Vulnerability CVE-2026-21231 | Windows Kernel Elevation of Privilege Vulnerability CVE-2026-21234 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability...

8.8CVSS6.8AI score0.2798EPSS
Exploits9References25
ICS
ICSadded 2026/03/31 6:0 a.m.3 views

PX4 Autopilot

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with access to the MAVLink interface to execute arbitrary shell commands without cryptographic authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

9.8CVSS6.2AI score0.00127EPSS
Exploits0References13
RedhatCVE
RedhatCVEadded 2026/03/31 4:59 a.m.1 views

CVE-2026-30305

Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...

9.8CVSS6.3AI score0.00512EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/31 12:0 a.m.3 views

CVE-2026-30311

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

6.3AI score0.00686EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/03/31 12:0 a.m.3 views

CVE-2026-30311

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

6.3AI score0.00686EPSS
Exploits0References2
CVE
CVEadded 2026/03/31 12:0 a.m.4 views

CVE-2026-30314

CVE-2026-30314 : Ridvay Code’s command auto-approval module contains a critical OS command injection due to brittle regular expressions that parse commands without handling standard Shell substitutions like $(...) and backticks. An attacker could craft commands such as git log --grep="$(malicious...

9.8CVSS6.3AI score0.00686EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 2026/03/31 12:0 a.m.4 views

PT-2026-29231

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description The software contains an approval-integrity issue within the node-host system.run approvals functionality. This allows the display of extracted shell payloads instead of the executed arguments. ...

7.3CVSS6.3AI score0.00021EPSS
Exploits0References6
CVE
CVEadded 2026/03/31 12:0 a.m.7 views

CVE-2026-30311

Summary: Ridvay Code’s command auto-approval module contains a critical OS command injection vulnerability. The whitelist relies on fragile regular expressions that do not account for standard Shell command substitutions (e.g., $(...) and backticks), allowing an attacker to craft commands such as...

9.8CVSS6.3AI score0.00686EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/03/31 12:0 a.m.18 views

CVE-2026-30314

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

0.00686EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/03/31 12:0 a.m.3 views

CVE-2026-30314

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

6.3AI score0.00686EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/03/31 12:0 a.m.2 views

PT-2026-29253

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

6.3AI score0.00686EPSS
Exploits0References3
Rows per page
Query Builder