Lucene search
+L

2808 matches found

CVE
CVE
added 6 hours ago6 views

CVE-2026-16199

CVE-2026-16199 affects the NextLevelBuilder GoClaw project, specifically the function ExecTool.Execute in goclaw/internal/tools/credentialed_exec.go, and is associated with versions up to 3.13.3-beta.3. The vulnerability arises from a flaw in ExecTool.Execute that can lead to improper authorizati...

6.5CVSS6.2AI score
Exploits0References7
NVD
NVD
added yesterday7 views

CVE-2026-16120

A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/execapproval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has...

6.5CVSS
Exploits0References7
CVE
CVE
added yesterday12 views

CVE-2026-16120

CVE-2026-16120 affects nextlevelbuilder GoClaw up to version 3.13.3-beta.3. The vulnerability targets the function matchesAllowlist/extractBin in internal/tools/exec_approval.go, where manipulation can cause an incorrectly-resolved name. The attack can be performed remotely, and public exploitati...

6.5CVSS6.1AI score
Exploits0References7
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-16120

A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/execapproval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has...

6.5CVSS6.1AI score
Exploits0References7
CVE
CVE
added yesterday8 views

CVE-2026-16082

Summary of CVE-2026-16082 : Affects Sipeed PicoClaw up to version 0.2.9. The vulnerability is in the function ExecTool.executeRun (file: pkg/agent/pipeline_execute.go) where manipulation of the argument cwe leads to a time-of-check time-of-use issue. Exploitation is local, and a public exploit is...

5.3CVSS5.4AI score0.00091EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday73 views

Mesop AI Sandbox <= 1.2.2 - Remote Code Execution

Mesop = 1.2.2 contains an unrestricted remote code execution caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of ai/testing module, letting attackers execute arbitrary commands on the host, exploit requires HTTP access to the server. id:...

9.8CVSS6.7AI score0.05289EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday31 views

Langflow < 1.3.0 - Remote Code Execution via validate_code() exec()

Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. id: CVE-2026-0770 info: name: Langflow...

9.8CVSS9.5AI score0.10371EPSS
Exploits8References3
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-45256

Agentic-Flow is an AI agent orchestration platform. Prior to 2.0.14, agentic-flow MCP server tools in src/mcp/standalone-stdio.ts, src/mcp/fastmcp/servers/claude-flow-sdk.ts, src/mcp/fastmcp/servers/stdio-full.ts, src/mcp/fastmcp/servers/http-streaming-updated.ts,...

8.8CVSS5.9AI score0.00456EPSS
Exploits0References7
NVD
NVD
added 2 days ago7 views

CVE-2026-62201

OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that...

7.7CVSS0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45117

OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized...

8.8CVSS6.2AI score0.00459EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago42 views

CVE-2026-62228 OpenClaw < 2026.6.5 Authorization Bypass via Node Exec Approvals

OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals that allows lower-trust callers to execute actions beyond their intended authorization by using different gateway and node environments. Attackers can exploit mismatched environment configurations to...

8.8CVSS0.00261EPSS
Exploits0References2
CVE
CVE
added 2 days ago13 views

CVE-2026-62228

CVE-2026-62228 affects OpenClaw prior to 2026.6.5, describing an authorization bypass in node exec approvals. The vulnerability arises from mismatched gateway and node environments, enabling lower-trust callers to persist or execute actions beyond their approved permissions due to environment con...

8.8CVSS6.2AI score0.00261EPSS
Exploits0References2
CVE
CVE
added 2 days ago12 views

CVE-2026-62217

OpenClaw 2026.5.14-beta.1 before 2026.5.27 contains an authorization flaw in the QQBot exec approvals feature. When enabled and reachable, a lower-trust caller or configured input path could perform actions beyond the caller’s intended authorization, allowing non-allowlisted senders to execute or...

8.8CVSS6.2AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-62217 OpenClaw 2026.5.14-beta.1 < 2026.5.27 Authentication Bypass via exec approvals

OpenClaw 2026.5.14-beta.1 before 2026.5.27 contain an authorization flaw in the QQBot exec approvals feature. When the feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization, allowing...

8.8CVSS0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago38 views

CVE-2026-62201 OpenClaw < 2026.6.6 Network Policy Bypass via exec-server

OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that...

7.7CVSS0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-45090

OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that...

7.7CVSS6.1AI score0.00273EPSS
Exploits0References2
CVE
CVE
added 2 days ago10 views

CVE-2026-62201

OpenClaw prior to version 2026.6.6 contains a network policy bypass in the sandbox exec-server that lets lower-trust callers reach internal network destinations blocked by policy. Attackers can send HTTP requests through the exec-server to access restricted network resources. The CVE description ...

7.7CVSS6.1AI score0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago10 views

PT-2026-60865

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description An issue exists in the code validation API endpoint that allows authenticated users to execute arbitrary system commands with the full privileges of the server process. The endpoint...

9.9CVSS6AI score0.00439EPSS
Exploits0References4
Nuclei
Nuclei
added 3 days ago216 views

mongo-express Remote Code Execution

mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the toBSON method and misuse the vm dependency to perform exec commands in a non-safe environment. id: CVE-2019-10758 info: name: mongo-express Remote Code Execution author: princechaddha severity: critical...

9.9CVSS7.4AI score0.84845EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-60317

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.07 Description The avatar upload functionality allows the embedding of user-supplied filenames into paths that are subsequently passed to the child process.exec function for MIME-type detection. Specifically, the...

9.9CVSS6.3AI score0.00403EPSS
Exploits0References5
Rows per page
Query Builder