6 matches found

Cvelist
added 2026/06/16 6:5 p.m., 20 views

CVE-2026-53858 OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATE_DIRECTORY variable to load runtime dependencies from unintended local paths, potentially...

CVSS 7.1, EPSS 0.00124
Exploits: 0, References: 2

Positive Technologies
added 2026/06/16 12:0 a.m., 15 views

PT-2026-49775

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.5.2. Description: An environment variable injection exists where the STATE_DIRECTORY variable in a workspace .env file can influence bundled runtime dependency roots. This allows attackers to manipulate STATE...

CVSS 7.1, AI score 5.6, EPSS 0.00124
Exploits: 0, References: 5

Snyk
added 2026/01/27 10:47 p.m., 3 views

Use of Less Trusted Source

Overview: Affected versions of this package are vulnerable to Use of Less Trusted Source that can circumvent the trusted dependencies list. An attacker can cause unintended dependencies to be loaded by including malicious file:, link:, git:, or github: URLs to import packages whose names also exis...

CVSS 6.9, AI score 5.9, EPSS 0.00108
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-53581

Malicious code in bioql PyPI...

CVSS 7.3, AI score 6.6, EPSS 0.00321
Exploits: 0, References: 3

Veracode
added 2020/08/06 9:36 p.m., 30 views

Insecure Dependency Loading

Python CPython is vulnerable to insecure dependency loading. It may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected...

CVSS 5.5, AI score 2.9, EPSS 0.01345
Exploits: 0, References: 1, Affected Software: 1

Microsoft CVE
added 2020/07/14 7:0 a.m., 62 views

Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies. A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user. If the current user is logged on with...

CVSS 9.3, AI score 3.2, EPSS 0.05862
Exploits: 0