2647 matches found
CVE-2026-31217
The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from...
CVE-2026-5029
A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...
CVE-2026-31231
Cognee through v0.4.0 suffers a critical remote code execution via the notebook cell execution API endpoint. The endpoint executes user-provided Python code with unsafe exec() and no sandboxing or validation, allowing an attacker to send a crafted POST containing malicious code to achieve arbitra...
CVE-2026-31231
Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec function without any sandboxing, validation, or security...
CVE-2026-31236
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...
PT-2026-40118
Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec function without any sandboxing, validation, or security...
GHSA-J643-X8PV-8M67 Dozzle's Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpointsbypasses authentication
Summary The WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables Cross-Site WebSocket Hijacking CSWSH — even when authentication is...
Dozzle's Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpointsbypasses authentication
Summary The WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables Cross-Site WebSocket Hijacking CSWSH — even when authentication is...
Electerm 命令注入漏洞
Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm prior to 3.3.8 contained a command injection vulnerability. This vulnerability stemmed from the runMac function, which directly appends the attacker-controlled releaseInfo.name to the exec...
aloni (>=0.2.1 <=0.2.3), code-exec-hz (>=1.0.0 <=1.0.1) +6 more potentially affected by CVE-2026-42544 via granian (>=1.3.2 <=2.6.1)
granian PYPI version =1.3.2, =0.2.1, =1.0.0, =2.5.10, =1.0.0, =0.2.0, =0.0.1, =2025.1.0, =0.1.1, =0.3.1 Source cves: CVE-2026-42544 Source advisory: OSV:GHSA-VRG7-482J-P6F6...
CVE-2026-44115
OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime...
CVE-2026-44115
OpenClaw prior to 2026.4.22 is affected by an exec allowlist analysis vulnerability in unquoted heredocs. The issue allows embedding shell expansion tokens in heredoc bodies to bypass the allowlist and execute unapproved commands at runtime. Affected product/version family: OpenClaw
CVE-2026-44115 OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist
OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime...
CVE-2026-43584 OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy
OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUAINIT, and HOSTALIASES. Attackers can exploit this by...
CVE-2026-43584 OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy
OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUAINIT, and HOSTALIASES. Attackers can exploit this by...
CVE-2026-43530
OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weak...
CVE-2026-42434
OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths...
EUVD-2026-27271
OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weak...
CVE-2026-43530 OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution
OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weak...
CVE-2026-43530
OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weak...