Lucene search
+L

33 matches found

nvd
nvd
added 2026/07/07 12:16 p.m.12 views

CVE-2011-10043

Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary...

9.8CVSS0.00429EPSS
Exploits0References3
github
github
added 2026/03/03 6:9 p.m.9 views

OpenClaw's hook transform module path allows traversal and arbitrary JavaScript module loading

Summary OpenClaw hook mapping transforms could be loaded via absolute paths or .. traversal, allowing arbitrary JavaScript module loading/execution in the gateway process when an attacker can modify hooks configuration. Affected Versions - Affected: = 2.0.0-beta3 and = 2026.2.13 - Fixed: 2026.2.1...

9.8CVSS6.2AI score0.00439EPSS
Exploits0References6Affected Software1
osv
osv
added 2026/03/03 6:9 p.m.17 views

GHSA-7XHJ-55Q9-PC3M OpenClaw's hook transform module path allows traversal and arbitrary JavaScript module loading

Summary OpenClaw hook mapping transforms could be loaded via absolute paths or .. traversal, allowing arbitrary JavaScript module loading/execution in the gateway process when an attacker can modify hooks configuration. Affected Versions - Affected: = 2.0.0-beta3 and = 2026.2.13 - Fixed: 2026.2.1...

8.3CVSS6.2AI score0.00439EPSS
Exploits0References6
osv
osv
added 2026/02/12 4:16 p.m.7 views

PYSEC-2026-33

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...

10CVSS6.6AI score0.01589EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/02/12 3:31 p.m.4 views

CVE-2026-26216

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...

10CVSS6.7AI score0.01589EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2011-1036

Malware in sbrugna...

1.9CVSS6AI score0.00443EPSS
Exploits3References10
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2007-6570

Malware in sbrugna...

5CVSS6.4AI score0.03624EPSS
Exploits1References7
osv
osv
added 2024/09/14 11:9 a.m.4 views

OESA-2024-2142 wpa_supplicant security update

wpasupplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 IEEE 802.11i / RSN. It is suitable for both desktop/laptop computers and embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key...

8.8CVSS7.3AI score0.00652EPSS
Exploits1References2
susecve
susecve
added 2024/08/08 2:36 a.m.4 views

SUSE CVE-2024-5290

An issue was discovered in Ubuntu wpasupplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpasupplicant runs as usually root. Membership in the netdev group or access to the dbus interface of...

8.8CVSS9.4AI score0.00652EPSS
Exploits1References3
osv
osv
added 2024/08/07 9:16 a.m.1 views

DEBIAN-CVE-2024-5290

An issue was discovered in Ubuntu wpasupplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpasupplicant runs as usually root. Membership in the netdev group or access to the dbus interface of...

7.8CVSS7.4AI score0.00652EPSS
Exploits1References1
osv
osv
added 2024/08/06 4:0 p.m.4 views

UBUNTU-CVE-2024-5290

An issue was discovered in Ubuntu wpasupplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpasupplicant runs as usually root. Membership in the netdev group or access to the dbus interface of...

8.8CVSS7.4AI score0.00652EPSS
Exploits1References4
susecve
susecve
added 2023/02/15 6:5 a.m.3 views

SUSE CVE-2008-6954

The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...

9CVSS7.5AI score0.02145EPSS
Exploits0References3
zdt
zdt
added 2018/01/25 12:0 a.m.944 views

GoAhead Web Server 2.5 < 3.6.5 - HTTPd LD_PRELOAD Arbitrary Module Load Exploit

This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

6.8CVSS8.2AI score0.96327EPSS
Exploits15
packetstorm
packetstorm
added 2018/01/24 12:0 a.m.111 views

GoAhead Web Server LD_PRELOAD Arbitrary Module Load

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GoAhead Web Server LDPRELOAD Arbitrary Module Load', 'Description' = %q This module triggers an arbitrary shared library load vulnerability in...

6.8CVSS8.1AI score0.96327EPSS
Exploits15
exploitdb
exploitdb
added 2018/01/24 12:0 a.m.63 views

GoAhead Web Server 2.5 &lt; 3.6.5 - HTTPd &#039;LD_PRELOAD&#039; Arbitrary Module Load (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GoAhead Web Server LDPRELOAD Arbitrary Module Load', 'Description' = %q This module triggers an arbitrary shared library load vulnerability in...

8.1CVSS8.1AI score0.96327EPSS
Exploits15
zdt
zdt
added 2017/05/30 12:0 a.m.2370 views

Samba is_known_pipename() Arbitrary Module Load Exploit

This Metasploit module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This Metasploit module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some...

10CVSS10AI score0.99448EPSS
Exploits24
prion
prion
added 2017/03/24 2:59 p.m.9 views

Code injection

EyesOfNetwork "EON" 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selectedevents parameter in the 1 acknowledge, 2 delete, or 3 ownDisown function in module/monitoringged/gedfunctions.php or the 4 module parameter to module/index.php...

6.5CVSS8.7AI score0.0718EPSS
Exploits6References5Affected Software1
veracode
veracode
added 2017/03/24 3:56 a.m.41 views

Directory Traversal

ImageMagick is vulnerable to directory traversal. The library does not escape relative paths, allowing a malicious user to upload an arbitrary module into the system...

7.5CVSS8.4AI score0.06534EPSS
Exploits0References3Affected Software1
osv
osv
added 2017/02/20 10:12 a.m.8 views

SUSE-SU-2017:0518-1 Security update for GraphicsMagick

This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped bsc1017310. - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to a incorrect length calculatio...

9.8CVSS7.5AI score0.06534EPSS
Exploits0References23
openvas
openvas
added 2017/01/17 12:0 a.m.31 views

ImageMagick Information Disclosure And Security Bypass Vulnerabilities - Mac OS X

ImageMagick is prone to an information disclosure and security bypass vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS6.4AI score0.06534EPSS
Exploits0References3
Rows per page
Query Builder