CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

94 matches found

RedhatCVE•added 2026/03/26 3:6 p.m.•5 views

CVE-2026-22176

OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...

7.8CVSS6.1AI score0.00637EPSS

Exploits0References1

Positive Technologies•added 2026/03/23 12:0 a.m.•3 views

PT-2026-27221

OpenClaw versions prior to 2026.2.18 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written unquoted to gateway.cmd, allowing shell metacharacters to break out of assignment context. Attackers can inject arbitrary commands...

7.4CVSS6AI score

Exploits0References4

OSV•added 2026/03/19 2:16 a.m.•1 views

CVE-2026-31994

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.8CVSS6.2AI score

Exploits0References3

OSV•added 2026/03/19 2:16 a.m.•2 views

CVE-2026-22176

7.8CVSS6.2AI score

Exploits0References3

Cvelist•added 2026/03/19 1:0 a.m.•24 views

CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation

7.1CVSS0.00571EPSS

Exploits0References3

CVE•added 2026/03/19 1:0 a.m.•32 views

CVE-2026-22176

OpenClaw vulnerable versions prior to 2026.2.19 expose a command-injection in Windows Scheduled Task script generation. The flaw arises when environment variables are written to gateway.cmd with unquoted set KEY=VALUE assignments, allowing metacharacters (e.g., &, |, ^, %, !) to break out of the ...

7.8CVSS6.1AI score0.00637EPSS

Exploits0References3Affected Software1

OSV•added 2026/03/03 9:50 p.m.•3 views

GHSA-PJ5X-38RW-6FPH OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation

Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...

7.1CVSS6AI score0.00637EPSS

Exploits0References5

Positive Technologies•added 2026/03/03 12:0 a.m.•5 views

PT-2026-26221

7.8CVSS5.8AI score0.00637EPSS

Exploits0References10

RedhatCVE•added 2026/01/09 11:24 a.m.•8 views

CVE-2021-31989

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices...

5.3CVSS6.8AI score0.00397EPSS

Exploits0References1

Rapid7 Blog•added 2025/11/07 7:46 p.m.•9 views

Metasploit Wrap-Up 11/07/2025

New module content 3 Centreon authenticated command injection leading to RCE via broker engine "reload" parameter Author: h00die-gr3y [email protected] Type: Exploit Pull request: 20672 contributed by h00die-gr3y Path: linux/http/centreonauthrcecve20255946 AttackerKB reference: CVE-2025-5946...

7.2CVSS8.1AI score0.13843EPSS

Exploits2

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2015-2621

Malware in sbrugna...

7.2CVSS6.1AI score0.03587EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2019-1589

Malware in sbrugna...

7.8CVSS6.5AI score0.02058EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-18861

Malware in sbrugna...

5.3CVSS5.6AI score0.00397EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-43935

Malicious code in bioql PyPI...

7.8CVSS6.2AI score0.00599EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•16 views

EUVD-2023-25708

Malicious code in bioql PyPI...

7.8CVSS7.9AI score0.00562EPSS

Exploits0References1

BDU FSTEC•added 2025/06/18 12:0 a.m.•7 views

The vulnerability of the Task Scheduler in Windows operating systems allows a malicious individual to escalate their privileges.

The vulnerability of the Task Scheduler in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to increase their privileges...

8.4CVSS5.4AI score0.00429EPSS

Exploits0References2

CVE•added 2025/06/10 5:2 p.m.•85 views

CVE-2025-33067

CVE-2025-33067 — Windows Kernel local privilege escalation due to improper privilege management. Affects the Windows Kernel; attacker can gain elevated rights locally with no user interaction. CVSSv3.1 base score 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Connected sources confirm the impact as l...

8.4CVSS8.3AI score0.00429EPSS

Exploits0References1Affected Software13

Cvelist•added 2025/06/10 5:2 p.m.•15 views

CVE-2025-33067 Windows Task Scheduler Elevation of Privilege Vulnerability

...

8.4CVSS0.00429EPSS

Exploits0References1