16 matches found
CVE-2026-9565
A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function isdangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely...
CVE-2026-9565
A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function isdangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely...
CVE-2026-9565
A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function isdangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely...
EUVD-2026-31886
A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function isdangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely...
CVE-2026-9565 haojing8312 WorkClaw Blacklist bash.rs is_dangerous os command injection
A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function isdangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely...
WorkClaw 操作系统命令注入漏洞
WorkClaw is a desktop AI employee team collaboration tool developed by haojing8312. Versions of WorkClaw prior to 0.6.4 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the isdangerous function in the Blacklist Handler...
PT-2026-43328
A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely...
EUVD-2025-29231
Malicious code in bioql PyPI...
CVE-2025-10473
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in sql injection. The attack may be launched remotely. The exploit has...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection in the filterKeyword function of the Blacklist Handler process in /com/ruoyi/generator/controller. An attacker can access or modify sensitive data, or disrupt application functionality by injecting malicious SQL statements...
CVE-2025-10473
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in sql injection. The attack may be launched remotely. The exploit has...
CVE-2025-10473
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in sql injection. The attack may be launched remotely. The exploit has...
CVE-2025-10473
CVE-2025-10473 affects yangzongzhuan RuoYi up to version 4.8.1. The vulnerability resides in the Blacklist Handler’s function filterKeyword within SqlUtil.java , enabling SQL injection. The issue can be exploited remotely and an exploit has been released publicly. Affected component is the Blackl...
CVE-2025-10473 yangzongzhuan RuoYi Blacklist SqlUtil.java filterKeyword sql injection
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in sql injection. The attack may be launched remotely. The exploit has...
RuoYi SQL注入漏洞
RuoYi is a backend management system by the individual developer of RuoYi in China. A SQL injection vulnerability exists in RuoYi 4.8.1 and earlier versions. The vulnerability stems from improper manipulation of the Blacklist Handler's function filterKeyword in the file...
PT-2025-37740
Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1 Description: A security flaw has been discovered in yangzongzhuan RuoYi. This impacts the filterKeyword function of the file /com/ruoyi/common/utils/sql/SqlUtil.java within the Blacklist Handler...