30721 matches found
CVE-2026-22217
OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variabl...
CVE-2026-22217
OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variable...
EUVD-2026-12730
OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variable...
CVE-2026-22217 OpenClaw 2026.2.22 < 2026.2.23 - Arbitrary Binary Execution via $SHELL Environment Variable Trusted Prefix Fallback
OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variabl...
CVE-2026-22217
OpenClaw Open source npm package openclaw has a CVE-2026-22217 vulnerability: versions 2026.2.22 and earlier allow arbitrary code execution via the shell-env trusted-prefix fallback for the $SHELL variable. An attacker can influence a writable trusted-prefix directory (e.g., /opt/homebrew/bin) to...
CVE-2026-22217
OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variabl...
CVE-2026-22217 OpenClaw 2026.2.22 < 2026.2.23 - Arbitrary Binary Execution via $SHELL Environment Variable Trusted Prefix Fallback
OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variabl...
CVE-2026-22175 OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers
OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...
EUVD-2026-12708
OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments throug...
Unity Linux 20.1070a Security Update: openssh (UTSA-2026-006246)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006246 advisory. ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. Tenable has extracted the...
Exploit for OS Command Injection in Nagios Nagios_Xi
Nagios-CVE-2019-15949-RCE-Poc a python PoC for the CVE-2019-15...
CVE-2026-4064
PowerShell Universal contains a vulnerability (CVE-2026-4064) where missing authorization checks on multiple gRPC service endpoints allow an authenticated user with any valid token to bypass role-based access controls. This can enable reading sensitive data, creating or deleting resources, and di...
EUVD-2026-12580
Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c'...
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence AI code execution environments using domain name system DNS queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's...
CVE-2026-23759
Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c'...
CVE-2026-23759 Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps'
Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c'...
CVE-2026-23759 Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps'
Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c'...
CVE-2026-23759
CVE-2026-23759 affects Perle IOLAN STS/SCS terminal server models with firmware earlier than 6.0. The issue is an authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell's handling of the ps subcommand does not sanitize arguments, passing user-supplied p...
CVE-2026-23759
Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c'...
Pre-auth SSH DoS via unbounded zlib inflate
...