Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

30753 matches found

RedhatCVE
RedhatCVEadded 2026/03/07 1:44 a.m.3 views

CVE-2026-28463

OpenClaw exec-approvals allowlist validation checks pre-expansion argv tokens but execution uses real shell expansion, allowing safe bins like head, tail, or grep to read arbitrary local files via glob patterns or environment variables. Authorized callers or prompt-injection attacks can exploit...

8.6CVSS5.9AI score0.00023EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/03/07 12:0 a.m.2 views

PT-2026-24092

Name of the Vulnerable Software and Affected Versions Shescape versions prior to 2.1.9 Description Shescape is a JavaScript shell escape library. A flaw exists where an attacker may be able to bypass escaping for the shell being used, potentially leading to exposure of sensitive information. This...

6.3CVSS5.8AI score0.00052EPSS
Exploits0References8
NVD
NVDadded 2026/03/06 9:16 p.m.3 views

CVE-2026-30225

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...

5.3CVSS0.00091EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/03/06 9:5 p.m.4 views

CVE-2026-30233

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution exec may be...

6.5CVSS5.8AI score0.00021EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2026/03/06 9:3 p.m.16 views

CVE-2026-30225 OliveTin: RestartAction always runs actions as guest

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...

5.3CVSS0.00091EPSS
Exploits1References3
OSV
OSVadded 2026/03/06 9:3 p.m.3 views

CVE-2026-30225 OliveTin: RestartAction always runs actions as guest

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...

5.3CVSS6AI score0.00091EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2026/03/06 9:3 p.m.3 views

CVE-2026-30225

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...

5.3CVSS6AI score0.00091EPSS
Exploits1References4Affected Software1
CVE
CVEadded 2026/03/06 9:3 p.m.9 views

CVE-2026-30225

CVE-2026-30225 (OliveTin) : An authentication context confusion in RestartAction prior to 3000.11.1 allows a low-privileged authenticated user to bypass ACLs and execute privileged shell actions via a synthetic request that loses the original caller’s authentication headers, causing the resolver ...

5.3CVSS6AI score0.00091EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/06 9:1 p.m.3 views

CVE-2026-30223

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" local RSA public key or "authJwtHmacSecret" HMAC secret, the configured audience value authJwtAud is not enforced during toke...

8.8CVSS5.8AI score0.00043EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/06 9:1 p.m.3 views

CVE-2026-30224

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...

5.4CVSS5.7AI score0.00038EPSS
Exploits1References4Affected Software1
NVD
NVDadded 2026/03/06 5:16 p.m.2 views

CVE-2026-29783

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

7.8CVSS0.00065EPSS
Exploits1References2
OSV
OSVadded 2026/03/06 4:43 p.m.2 views

GHSA-G8R9-G2V8-JV6F GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution

Summary A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files...

7.5CVSS6.4AI score0.00065EPSS
Exploits1References4
EUVD
EUVDadded 2026/03/06 4:43 p.m.3 views

EUVD-2026-10049

GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution...

7.5CVSS5.8AI score0.00065EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2026/03/06 4:43 p.m.7 views

GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution

Summary A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files...

7.8CVSS6.3AI score0.00065EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/06 4:39 p.m.3 views

CVE-2026-29783

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

7.5CVSS6.3AI score0.00065EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2026/03/06 4:39 p.m.8 views

CVE-2026-29783

The CVE concerns GitHub Copilot CLI shell tool pre-0.0.423. Affected: Copilot CLI versions up to and including 0.0.422. Issue: the shell safety assessment misclassifies certain bash parameter expansion patterns as read-only, allowing arbitrary code execution when an attacker can influence the com...

7.8CVSS6.3AI score0.00065EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2026/03/06 4:39 p.m.3 views

CVE-2026-29783 GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

7.5CVSS6.4AI score0.00065EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/03/06 4:39 p.m.4 views

CVE-2026-29783 GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

7.5CVSS6.3AI score0.00065EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/03/06 4:39 p.m.28 views

CVE-2026-29783 GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

7.5CVSS0.00065EPSS
Exploits1References2
OSV
OSVadded 2026/03/06 12:43 p.m.3 views

OESA-2026-1529 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...

8.3CVSS5.8AI score0.00145EPSS
Exploits0References5
Rows per page
Query Builder