CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/26 12:0 a.m.•4 views

EUVD-2026-31949

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

8.1CVSS5.9AI score0.00052EPSS

EUVD•added 2026/05/26 12:0 a.m.•6 views

EUVD-2026-31843

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

6AI score0.00527EPSS

Exploits1References3

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в composer

Composer is a dependency manager for PHP. Users who publish a composer.phar file to a publicly accessible web server where the file can be executed as a PHP file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions 2.6.4, 2.2.22, an...

8.8CVSS7.8AI score0.01575EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: fixed a possible memory leak in smb2lock. argv needs to be freed when setupasyncwork fails, or when the current process is awakened...

5.7AI score0.00021EPSS

FreeBSD•added 2026/05/20 12:0 a.m.•7 views

net/rsync -- multiple vulnerabilities

The rsync project reports: Six CVEs are fixed in this release. All six are assigned by VulnCheck as CNA. Affected versions are 3.4.2 and earlier in every case. In addition to the six CVE fixes, this release adds defence-in-depth hardening on several adjacent paths: bounded wire-supplied counts an...

8.1CVSS5.9AI score0.00056EPSS

RedhatCVE•added 2026/05/06 2:21 p.m.•2 views

CVE-2026-42435

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

NVD•added 2026/05/05 12:16 p.m.•3 views

CVE-2026-42435

8.8CVSS0.00108EPSS

EUVD•added 2026/05/05 11:24 a.m.•2 views

EUVD-2026-27253

Vulnrichment•added 2026/05/05 11:24 a.m.•1 views

CVE-2026-42435 OpenClaw 2026.2.22 < 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable Assignment Injection

OSV•added 2026/04/17 9:53 p.m.•5 views

GHSA-J6C7-3H5X-99G9 OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms

Summary Shell-wrapper detection missed env-argv assignment injection forms. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.22 = 2026.4.12 Impact Exec preflight handling missed shell-wrapper and argv-level environment assignment forms that could...

6.3CVSS5.9AI score0.00108EPSS

Exploits0References4

Positive Technologies•added 2026/04/17 12:0 a.m.•3 views

PT-2026-37007

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.22 through 2026.4.11 Description Insufficient shell-wrapper detection allows attackers to inject environment variable assignments at the argv level. This enables the bypass of exec preflight handling to manipulate...

RedhatCVE•added 2026/03/26 3:11 p.m.•3 views

Exploits0References7

CVE-2026-29608

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

6.7CVSS6.1AI score0.00025EPSS

RedhatCVE•added 2026/03/26 3:10 p.m.•2 views

CVE-2026-32065

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

6.5CVSS6.1AI score0.00049EPSS

OSV•added 2026/03/25 8:16 p.m.•2 views

DEBIAN-CVE-2026-33247

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv the command-line, then those credentials are visible to any user who can see the...

5.3CVSS6.1AI score0.00016EPSS

OSV•added 2026/03/25 8:16 p.m.•2 views

UBUNTU-CVE-2026-33247

7.4CVSS5.8AI score0.00016EPSS

Exploits0References4

Cvelist•added 2026/03/25 8:2 p.m.•22 views

CVE-2026-33247 NATS credentials are exposed in monitoring port via command-line argv

7.4CVSS0.00016EPSS

Vulnrichment•added 2026/03/25 8:2 p.m.•2 views

CVE-2026-33247 NATS credentials are exposed in monitoring port via command-line argv

7.4CVSS5.9AI score0.00016EPSS