272112 matches found

Packet Storm, added 3 days ago, 21 views

Discuz! X5.0 Chained Remote Code Execution

This Metasploit module uses race condition and local file inclusion vulnerabilities in Discuz! X5.0 in order to achieve remote code execution. Title: Discuz! X5.0...

CVSS 8.6, AI score 5.8, EPSS 0.00525, Exploits: 2

Packet Storm, added 3 days ago, 18 views

Grav CMS Remote Code Execution

This Python exploit targets a vulnerability in Grav CMS versions prior to 2.0.0-beta.2 by abusing the administrative Direct Install plugin feature to achieve remote code execution...

CVSS 9.1, AI score 5.8, EPSS 0.03934, Exploits: 4

Packet Storm, added 3 days ago, 21 views

dedoc/scramble 0.13.2 Remote Code Execution

This is a Metasploit exploit module for CVE-2026-44262, an unauthenticated remote code execution vulnerability in the Laravel-based tool dedoc/scramble. Title: ...

CVSS 9.4, AI score 6.2, EPSS 0.03715, Exploits: 3

OSV, added 4 days ago, 4 views

GHSA-PM6V-2H4W-4RP2 Gogs: Overwriting critical files results in a denial of service

Vulnerability type: Path Traversal. Impact: DoS. Exploitation prerequisite: authorized user. Description: As an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the...

CVSS 8.5, AI score 5.9, EPSS 0.00044, Exploits: 0, References: 2

GitHub Security Blog, added 4 days ago, 5 views

Gogs: Overwriting critical files results in a denial of service

Vulnerability type: Path Traversal. Impact: DoS. Exploitation prerequisite: authorized user. Description: As an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the...

AI score 5.9, EPSS 0.00044, Exploits: 0, References: 2, Affected Software: 1

OSV, added 4 days ago, 3 views

GHSA-QW24-GH76-8RVV Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix

Summary: `rclone rcd --rc-serve` accepts unauthenticated GET and HEAD requests to paths of the form `/remote:path/object`. The remote value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend options that execute local commands during...

CVSS 9.8, AI score 6.1, EPSS 0.00371, Exploits: 0, References: 2

GitHub Security Blog, added 4 days ago, 7 views

Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix

Summary: `rclone rcd --rc-serve` accepts unauthenticated GET and HEAD requests to paths of the form `/remote:path/object`. The remote value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend options that execute local commands during...

CVSS 9.8, AI score 6, EPSS 0.07119, Exploits: 1, References: 2, Affected Software: 1

OSV, added 4 days ago, 2 views

GHSA-69QJ-PVH9-C5WG yt-dlp: Arbitrary command injection possible if --exec option used with yt-dlp

Summary: yt-dlp's --exec option is vulnerable to arbitrary command injection when handling untrusted metadata if the argument uses standard string formatting e.g. %titles or other unsafe conversions. An attacker could achieve remote code execution on the user's machine via maliciously crafted...

CVSS 7.5, AI score 6.8, Exploits: 0, References: 6

Snyk, added 4 days ago, 6 views

Command Injection

Overview: yt-dlp is a youtube-dl fork with additional features and patches. Affected versions of this package are vulnerable to Command Injection via --exec. An attacker can execute arbitrary commands on the user's system by crafting malicious metadata values containing shell operators, which ar...

CVSS 8.3, AI score 6.2, Exploits: 0, References: 2

GitHub Security Blog, added 4 days ago, 6 views

yt-dlp: Arbitrary command injection possible if --exec option used with yt-dlp

Summary: yt-dlp's --exec option is vulnerable to arbitrary command injection when handling untrusted metadata if the argument uses standard string formatting e.g. %titles or other unsafe conversions. An attacker could achieve remote code execution on the user's machine via maliciously crafted...

AI score 6.7, Exploits: 0, References: 6, Affected Software: 1

EUVD, added 4 days ago, 8 views

EUVD-2026-37206

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...

CVSS 9.1, AI score 5.4, EPSS 0.00921, Exploits: 0, References: 2

EUVD, added 4 days ago, 6 views

EUVD-2026-37184

In ExecuteGraph command handler of EdgeTPU firmware, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with root privileges needed. User interaction is not needed for exploitation...

CVSS 7.8, AI score 5.3, EPSS 0.00067, Exploits: 0, References: 2

EUVD, added 4 days ago, 6 views

EUVD-2026-37201

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

CVSS 9.8, AI score 8.1, EPSS 0.01123, Exploits: 0, References: 6

OSV, added 4 days ago, 2 views

GHSA-2W22-3F6X-3HF4 Duplicate Advisory: Workspace-derived service PATH could influence trash command selection

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rx78-29qr-5hq8. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows...

CVSS 7.2, AI score 5.7, EPSS 0.00118, Exploits: 0, References: 4

OSV, added 4 days ago, 1 view

GHSA-G796-JQMX-WF9Q Duplicate Advisory: macOS Swift exec allowlist missed combined POSIX inline flags

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-c226-q6fx-6j6c. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses...

CVSS 6.6, AI score 5.7, EPSS 0.0024, Exploits: 0, References: 4

OSV, added 4 days ago, 1 view

GHSA-V383-2WGG-V483 Duplicate Advisory: Shell inline-command parsing could miss an allowlist check

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f397-5vjw-v2c2. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows...

CVSS 8.1, AI score 5.9, EPSS 0.0026, Exploits: 0, References: 3

GitHub Security Blog, added 4 days ago, 5 views

Duplicate Advisory: Shell inline-command parsing could miss an allowlist check

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f397-5vjw-v2c2. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows...

CVSS 8.1, AI score 5.8, EPSS 0.0026, Exploits: 0, References: 4, Affected Software: 1

GitHub Security Blog, added 4 days ago, 4 views

Duplicate Advisory: Workspace-derived service PATH could influence trash command selection

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rx78-29qr-5hq8. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows...

CVSS 7.2, AI score 5.6, EPSS 0.00118, Exploits: 0, References: 4, Affected Software: 1

GitHub Security Blog, added 4 days ago, 4 views

Duplicate Advisory: macOS Swift exec allowlist missed combined POSIX inline flags

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-c226-q6fx-6j6c. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses...

CVSS 9.8, AI score 5.6, EPSS 0.0024, Exploits: 0, References: 4, Affected Software: 1

OSV, added 4 days ago, 2 views

GHSA-R2FX-HP6P-PGRM Duplicate Advisory: Internal/webchat command auth could inherit ownerAllowFrom wildcard state

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-4hpg-mp64-x7xq. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authenticatio...

CVSS 6.5, AI score 5.6, EPSS 0.00232, Exploits: 0, References: 3