Lucene search
K

38972 matches found

CVE
CVE
added 2026/06/16 6:5 p.m.18 views

CVE-2026-53861

OpenClaw before 2026.5.6 has an allowlist bypass in the macOS Swift exec feature due to missing handling for combined POSIX inline flags. The vulnerability enables attackers to run shell content outside the intended allowlist check by using combined flag forms, with impact depending on operator c...

9.8CVSS5.7AI score0.0024EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-49778

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description The macOS Swift exec feature contains an allowlist bypass. The issue occurs because the system fails to account for combined POSIX inline-command flags, which are shorthand ways of grouping...

9.8CVSS5.6AI score0.0024EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 7:47 p.m.26 views

CVE-2026-47261 Wasmtime: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...

7.5CVSS0.00357EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.6 views

SUSE SLED15 / SLES15 Security Update : avahi (SUSE-SU-2026:2297-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2297-1 advisory. This update for avahi fixes the following issue: - CVE-2026-34933: Prior to version 0.9-rc4, any unprivileged local use...

5.5CVSS5.3AI score0.00203EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.7 views

SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2026:2365-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2365-1 advisory. This update for cosign fixes the following issue - CVE-2026-39395: Incorrect attestation verification due to malformed...

5.3CVSS5.4AI score0.00241EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 9:16 p.m.11 views

CVE-2026-53806

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling...

8.8CVSS0.00419EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 8:5 p.m.7 views

CVE-2026-53806 OpenClaw < 2026.5.12 - Shell Option Parsing Bypass in Exec Revalidation

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling...

8.8CVSS5.7AI score0.00419EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 8:5 p.m.7 views

EUVD-2026-36312

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling...

8.8CVSS5.8AI score0.00419EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 8:5 p.m.14 views

CVE-2026-53806

OpenClaw vulnerability CVE-2026-53806 affects OpenClaw prior to version 2026.5.12. A shell option parsing flaw allows combined POSIX shell flags to bypass exec revalidation checks, enabling execution of inline shell content without the intended allowlist validation when the affected feature is en...

8.8CVSS5.8AI score0.00419EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/11 8:5 p.m.30 views

CVE-2026-53806 OpenClaw < 2026.5.12 - Shell Option Parsing Bypass in Exec Revalidation

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling...

8.8CVSS0.00419EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 6:35 p.m.19 views

CVE-2026-47250

CVE-2026-47250 concerns mcp-server-kubernetes, where the kubectl_generic tool exposes a flag-injection vulnerability due to passing user-supplied flags directly to kubectl without an allowlist. This can enable a privilege-escalation path in Kubernetes environments: an attacker with limited access...

6.1CVSS5.3AI score0.00267EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 6:35 p.m.9 views

EUVD-2026-36287

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

6.1CVSS5.3AI score0.00267EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 7:58 a.m.18 views

SUSE-SU-2026:2365-1 Security update for cosign

This update for cosign fixes the following issue - CVE-2026-39395: Incorrect attestation verification due to malformed payloads or mismatched predicate types bsc1261859. Changes for cosign: - update to 3.0.6: Fix DSSE predicate check GHSA-w6c6-c85g-mmv6 4801 Handle whitespace-only certificate...

5.3CVSS5.4AI score0.00241EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.12 contained security vulnerabilities. These vulnerabilities stemmed from shell option parsing; combining POSIX shell flags could bypass the exec revalidation check. Attackers c...

8.8CVSS5.3AI score0.00419EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.10 views

PT-2026-48736

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description A shell option parsing issue allows combined POSIX shell flags to bypass exec revalidation checks. This enables attackers to execute inline shell content without the intended allowlist validatio...

8.8CVSS5.7AI score0.00419EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 12:42 p.m.8 views

EUVD-2026-36016

Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereference...

4.6CVSS5.4AI score0.00144EPSS
Exploits1References2
OSV
OSV
added 2026/06/10 8:43 a.m.6 views

SUSE-SU-2026:2337-1 Security update for libyang

This update for libyang fixes the following issues - CVE-2026-41401: use-after-free in lydparsersetdataflags when processing crafted YANG XML documents with specific metadata attributes bsc1266316. - CVE-2026-44673: integer overflow in lybreadstring of src/parserlyb.c leads to heap buffer overflo...

7.5CVSS5.7AI score0.00519EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 2026/06/10 8:43 a.m.6 views

Security update for libyang

This update for libyang fixes the following issues CVE-2026-41401: use-after-free in lydparsersetdataflags when processing crafted YANG XML documents with specific metadata attributes bsc1266316. CVE-2026-44673: integer overflow in lybreadstring of src/parserlyb.c leads to heap buffer overflow wh...

9.2CVSS5.7AI score0.00519EPSS
Exploits0References8
OSV
OSV
added 2026/06/10 8:43 a.m.5 views

SUSE-SU-2026:2335-1 Security update for libyang

This update for libyang fixes the following issues - CVE-2026-41401: use-after-free in lydparsersetdataflags when processing crafted YANG XML documents with specific metadata attributes bsc1266316. - CVE-2026-44673: integer overflow in lybreadstring of src/parserlyb.c leads to heap buffer overflo...

7.5CVSS5.7AI score0.00519EPSS
Exploits0References5
OSV
OSV
added 2026/06/10 8:42 a.m.8 views

SUSE-SU-2026:2334-1 Security update for libyang

This update for libyang fixes the following issues - CVE-2026-41401: use-after-free in lydparsersetdataflags when processing crafted YANG XML documents with specific metadata attributes bsc1266316. - CVE-2026-44673: integer overflow in lybreadstring of src/parserlyb.c leads to heap buffer overflo...

7.5CVSS5.7AI score0.00519EPSS
Exploits0References5
Rows per page
Query Builder