Lucene search
+L

67 matches found

ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.14 views

PT-2026-55477

Name of the Vulnerable Software and Affected Versions Algernon version 1.17.8 Description On Windows hosts using the NTFS filesystem, an unauthenticated client can retrieve the raw source code of server-side scripts such as .lua, .tl, .po2, .amber, or .frm located on public paths. This occurs...

8.7CVSS6.1AI score0.00077EPSS
Exploits0References4
osv
osv
added 2026/06/24 5:31 p.m.5 views

CVE-2026-48721 Warp: Env-var prefixes can lead to denylisted command autoexecution

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety...

8.6CVSS6.1AI score0.00145EPSS
Exploits0References4
euvd
euvd
added 2026/06/24 5:25 p.m.8 views

EUVD-2026-39011

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations...

7.8CVSS6.1AI score0.00177EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.14 views

PT-2026-52028

Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.10.08.08.12.stable 00 through 0.2026.05.06.15.42.stable 00 Description A command execution permission-check bypass exists in the default unsandboxed CLI agent profile. This profile is non-interactive and utilizes a command...

8.6CVSS6AI score0.00145EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/06/20 3:24 p.m.7 views

CVE-2026-56304

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create...

6.9CVSS6AI score0.00288EPSS
Exploits1References3
osv
osv
added 2026/06/16 6:4 p.m.3 views

CVE-2026-53848 OpenClaw < 2026.5.26 - Exec Allowlist Bypass via Transparent Command Wrappers

OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation by leveraging transparent command wrappers to...

2.3CVSS6AI score0.00185EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/16 12:0 a.m.19 views

PT-2026-49765

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.26 Description An exec allowlist bypass exists where authenticated operators can execute wrapper-level side effects outside the intended allowlisted command. This occurs because a command request reaching the...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/05/15 8:55 p.m.10 views

CVE-2026-45672 Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is...

8.8CVSS6AI score0.00406EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2026/04/12 12:28 p.m.8 views

CVE-2018-25258 RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based...

8.6CVSS6.5AI score0.00188EPSS
Exploits0References4
cvelist
cvelist
added 2026/03/29 12:44 p.m.23 views

CVE-2026-32979 OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approval

OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve...

7.3CVSS0.00132EPSS
Exploits0References2
osv
osv
added 2026/03/29 12:44 p.m.3 views

CVE-2026-32979 OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approval

OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve...

7CVSS6.5AI score0.00132EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/27 12:0 a.m.19 views

PT-2026-41202

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.12 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A flaw exists where the '/api/v1/utils/code/execute' endpoint allows any verified user to execut...

9CVSS7.5AI score0.00406EPSS
Exploits2References16
redhatcve
redhatcve
added 2026/03/26 2:57 p.m.4 views

CVE-2026-22175

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

7.1CVSS6AI score0.00333EPSS
Exploits0References1
nvd
nvd
added 2026/03/21 1:17 a.m.4 views

CVE-2026-32043

OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass comma...

7CVSS0.00099EPSS
Exploits0References3
nvd
nvd
added 2026/03/18 2:16 a.m.4 views

CVE-2026-22175

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

7.1CVSS0.00333EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/03/18 1:34 a.m.2 views

CVE-2026-22175 OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

7.1CVSS6AI score0.00333EPSS
Exploits0References3
euvd
euvd
added 2026/03/18 1:34 a.m.4 views

EUVD-2026-12718

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

7.1CVSS6AI score0.00333EPSS
Exploits0References3
euvd
euvd
added 2026/03/05 9:59 p.m.6 views

EUVD-2026-9891

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests, allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...% to execute unapproved...

9.8CVSS6AI score0.00499EPSS
Exploits0References3
cvelist
cvelist
added 2026/02/20 10:54 p.m.25 views

CVE-2019-25435 Sricam DeviceViewer 3.12.0.1 Local Buffer Overflow DEP Bypass

Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. Attackers can inject a malicious payload through the Username field in User...

8.4CVSS0.0032EPSS
Exploits1References3
hackerone
hackerone
added 2026/02/16 8:11 a.m.14 views

AWS VDP: Arbitrary Code Execution via Scanner Bypass in **aws-diagram-mcp-server** `exec()` Namespace

Description: The aws-diagram-mcp-server contains an arbitrary code execution vulnerability in diagramstools.py. User-supplied Python code is executed via execcode, namespace at line 305 with a namespace containing the full os module, urlretrieve, and Python builtins. A security scanner scanner.py...

6.4AI score
Exploits0
Rows per page
Query Builder