4 matches found

Positive Technologies
added 2026/06/12 12:0 a.m. | 14 views

PT-2026-49024

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.5.12. Description: An exec denylist bypass exists in the bundle MCP loopback session-spawn path. This allows authenticated callers to bypass intended command restrictions and start sessions with broader command...

6.9 CVSS | 5.2 AI score | 0.00094 EPSS
Exploits: 0 | References: 4
NVD
added 2026/04/08 9:17 p.m. | 2 views

CVE-2026-39888

PraisonAI is a multi-agent teams system. Prior to 1.5.115, executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess...

9.9 CVSS | 0.00541 EPSS
Exploits: 0 | References: 1
OSV
added 2026/03/18 2:16 a.m. | 3 views

CVE-2026-22175

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

7.1 CVSS | 6.2 AI score
Exploits: 0 | References: 3
OSV
added 2013/03/22 11:59 a.m. | 1 views

DEBIAN-CVE-2013-0914

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

3.6 CVSS | 4.9 AI score | 0.00461 EPSS
Exploits: 0 | References: 1