Lucene search
+L

4 matches found

Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-60200

Name of the Vulnerable Software and Affected Versions Tabby versions prior to 1.0.234 Description Tabby inserts dropped file paths from the tabby-electron/src/pathDrop.ts file into the active shell without neutralizing command substitution metacharacters, such as $… and …. This allows for code...

7.8CVSS6.4AI score0.00151EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/27 4:46 p.m.42 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS6AI score0.01016EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/30 9:31 p.m.10 views

EUVD-2026-17188

Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, i...

6.3AI score0.01145EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.7 views

CVE-2026-28470

OpenClaw versions prior to 2026.2.2 contain an exec approvals must be enabled allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...

9.8CVSS6AI score0.00476EPSS
Exploits0References1
Rows per page
Query Builder