15 matches found
CVE-2026-6987
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...
GHSA-6R3X-H84W-FHXX PicoClaw has an Injection issue in its Web Launcher Management Plane component
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' through the Web Launcher Management Plane component in the POST /api/gateway/restart endpoint. An attacker can execute arbitrary commands b...
PicoClaw has an Injection issue in its Web Launcher Management Plane component
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...
CVE-2026-6987
CVE-2026-6987 affects PicoClaw up to version 0.2.4, with the vulnerability located in the web component file path /api/gateway/restart within the Web Launcher Management Plane. The issue is described as a manipulation that leads to command injection and appears exploitable remotely. Concrete aff...
CVE-2026-6987 PicoClaw Web Launcher Management Plane restart command injection
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...
PicoClaw Injection Vulnerability
PicoClaw is a super-lightweight personal AI assistant tool developed by Sipeed. Versions of PicoClaw 0.2.4 and earlier had an injection vulnerability. This vulnerability stemmed from an unknown function in the component Web Launcher Management Plane, specifically the file /api/gateway/restart, whic...
PT-2026-35158
Name of the Vulnerable Software and Affected Versions PicoClaw versions prior to 0.2.5 Description A command injection flaw exists in the Web Launcher Management Plane component. A remote attacker can perform a manipulation via the '/api/gateway/restart' endpoint to execute arbitrary commands...
CVE-2019-18355
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7...
EUVD-2019-8141
Malware in sbrugna...
Thycotic Secret Server Server-Side Request Forgery Vulnerability
Thycotic Secret Server is a privileged account management solution designed for IT administrators and IT security professionals to help these individuals take charge and control of all processes related to password management throughout the organization. A server-side request forgery vulnerabilit...
CVE-2019-18355
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7...
Server side request forgery (ssrf)
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7...
CVE-2019-18355
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7...
CVE-2019-18355
Thycotic Secret Server’s legacy Web launcher contains an SSRF vulnerability (CVE-2019-18355) in versions before 10.7. Connected sources corroborate that an SSRF issue affects the legacy Web launcher, with no public exploit details provided in the documents. The CVSS metrics indicate high to criti...