GHSA-2FGQ-7J6H-9RM4 OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)

Summary system.run allowed SHELLOPTS + PS4 environment injection to trigger command substitution during bash -lc xtrace expansion before the allowlisted command body executed. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.21-2 includes latest published npm version at...

OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)

Summary system.run allowed SHELLOPTS + PS4 environment injection to trigger command substitution during bash -lc xtrace expansion before the allowlisted command body executed. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.21-2 includes latest published npm version at...

PT-2026-26385

Summary system.run allowed SHELLOPTS + PS4 environment injection to trigger command substitution during bash -lc xtrace expansion before the allowlisted command body executed. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.21-2 includes latest published npm version at...

PT-2026-26222

Summary system.run exec allowlist analysis treated wrapper binaries as the effective executable and did not fully unwrap env/shell-dispatch wrappers. This allowed wrapper-smuggled payloads for example env bash -lc ... to satisfy an allowlist entry for the wrapper while executing non-allowlisted...

Exploit for Incorrect Authorization in Suse Pam-Config

CVE-2025-6018 + CVE-2025-6019 Privilege Escalation Guide 中文...

xxe-blind

XXE Out-of-Band File Exfiltration Tool Herramienta en bash pa...

interpreter.htb-SSTI-exploit

Exploitation py...

UBUNTU-CVE-2026-27113

Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...

Brocade Fabric OS < 9.2.1c2 / 9.2.2 < 9.2.2b / 10.0.0 Information Disclosure (CVE-2026-0383)

The version of Brocade FabricOS installed on the remote host is prior to 9.2.1c2, or 9.2.2 prior to 9.2.2b, or 10.0.0 prior to 10.0.0a. It is, therefore, affected by an information disclosure vulnerability: - A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with...

TestSSL 3.2.3

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in pure bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets...

Exploit for Code Injection in Ivanti Endpoint_Manager_Mobile

CVE-2026-1281 & CVE-2026-1340 - Ivanti EPMM Pre-Auth RCE !L...

Asterisk 代码问题漏洞

Asterisk is a software for PBX systems developed by Asterisk OpenSource. It runs on Linux systems and supports IP calls using SIP, IAX, and H323 protocols. There were code vulnerabilities in versions prior to 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2. These vulnerabilities stemmed from the...

CVE-2026-24053

Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the...

CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...

CVE-2026-24053

Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the...

EUVD-2026-5156

Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the...

CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...

CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...

EUVD-2026-5262

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...

CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...