GHSA-VR7G-88FQ-VHQ3 Paperclip: OS Command Injection via Execution Workspace cleanupCommand

| Field | Value | |-------|-------| | Affected Software | Paperclip AI v2026.403.0 | | Affected Component | Execution Workspace lifecycle workspace-runtime.ts | | Affected Endpoint | PATCH /api/execution-workspaces/:id | | Deployment Modes | All — localtrusted zero auth, authenticated any company...

Paperclip: OS Command Injection via Execution Workspace cleanupCommand

| Field | Value | |-------|-------| | Affected Software | Paperclip AI v2026.403.0 | | Affected Component | Execution Workspace lifecycle workspace-runtime.ts | | Affected Endpoint | PATCH /api/execution-workspaces/:id | | Deployment Modes | All — localtrusted zero auth, authenticated any company...

The vulnerability of the nvme_cleanup_cmd() function in the Linux operating system’s NVMe driver allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the nvmecleanupcmd function in the drivers/nvme/host/core.c file of the Linux NVMe kernel driver is related to the reallocation of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility...

Unix Command Shell, Bind TCP (via BusyBox telnetd)

Listen for a connection and spawn a command shell via BusyBox telnetd This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 26 include Msf::Payload::Single include...