Lucene search
+L

570 matches found

Chainguard
Chainguard
added 2026/04/09 1:17 a.m.6 views

CVE-2026-39409 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards-fips, gemini-cli, opensearch-dashboards, librechat, langfuse-fips, kibana, langfuse...

6.3CVSS5.1AI score0.00342EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/09 12:0 a.m.5 views

Vulnerability Detection with Interprocedural Context in Multiple Languages: Assessing Effectiveness and Cost of Modern LLMs

Large Language Models LLMs have been a promising way for automated vulnerability detection. However, most prior studies have explored the use of LLMs to detect vulnerabilities only within single functions, disregarding those related to interprocedural dependencies. These studies overlook...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/06 10:59 p.m.6 views

CVE-2025-64340

FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters e.g., & can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run wit...

7.8CVSS5.8AI score0.00749EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/04 6:26 a.m.14 views

OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter

Summary Before OpenClaw 2026.4.2, the Gemini OAuth flow reused the PKCE verifier as the OAuth state value. Because the provider reflected state back in the redirect URL, the verifier could be exposed alongside the authorization code. Impact Anyone who could capture the redirect URL could learn bo...

6CVSS6AI score0.00238EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/03 9:31 p.m.6 views

EUVD-2026-18849

OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...

6CVSS6AI score0.00238EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/03 9:31 p.m.9 views

Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9jpj-g8vv-j5mf. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it...

6CVSS5.9AI score0.00238EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:45 p.m.4 views

CVE-2026-34511

OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...

6CVSS6AI score0.00238EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/03 8:45 p.m.2 views

CVE-2026-34511 OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter

OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...

6CVSS6AI score0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/03 3:16 p.m.21 views

CVE-2025-64340 FastMCP has a Command Injection vulnerability - Gemini CLI

FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters e.g., & can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run wit...

6.7CVSS0.00749EPSS
Exploits1References2
CVE
CVE
added 2026/04/03 3:16 p.m.17 views

CVE-2025-64340

FastMCP (the MCP framework) is affected prior to version 3.2.0. A vulnerability arises when server names contain shell metacharacters (for example, &); this can trigger command injection on Windows during fastmcp install claude-code or fastmcp install gemini-cli. The install commands use subproce...

7.8CVSS5.8AI score0.00749EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/03 3:16 p.m.3 views

CVE-2025-64340 FastMCP has a Command Injection vulnerability - Gemini CLI

FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters e.g., & can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run wit...

6.7CVSS5.9AI score0.00749EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.4 views

PT-2026-30235

OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...

6CVSS6AI score0.00238EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.12 views

OpenClaw 安全特征问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 had security feature vulnerabilities. These vulnerabilities stemmed from the reuse of the PKCE verifier as a state parameter in the Gemini OAuth process, which could lead to t...

6CVSS5.8AI score0.00238EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 10:24 p.m.9 views

GHSA-M8X7-R2RG-VH5G FastMCP has a Command Injection vulnerability - Gemini CLI

Server names containing shell metacharacters e.g., & can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run with a list argument, but on Windows the target CLIs often resolve to .cmd wrappers that are...

6.7CVSS6.1AI score0.00749EPSS
Exploits1References5
Malwarebytes
Malwarebytes
added 2026/03/31 7:40 p.m.7 views

Asking AI for personal advice is a bad idea, Stanford study shows

Stanford computer scientists just proved what therapists already suspected: AI chatbots will agree with almost anything you say to keep you happy. The researchers caught these systems validating dangerous decisions just to maintain user engagement. That's a worrying development, especially given...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/03/31 1:17 a.m.6 views

GHSA-J3Q9-MXJG-W52F vulnerabilities

Vulnerabilities for packages: kibana, wazuh-dashboard, code-server, opensearch-dashboards-fips, redisinsight, saf, thingsboard, vitess, tileserver-gl, tileserver-gl-fips, opensearch-dashboards, langfuse-fips, gemini-cli, langfuse...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/03/31 1:17 a.m.6 views

GHSA-27V5-C462-WPQ7 vulnerabilities

Vulnerabilities for packages: kibana, wazuh-dashboard, code-server, opensearch-dashboards-fips, redisinsight, saf, thingsboard, vitess, tileserver-gl, tileserver-gl-fips, opensearch-dashboards, langfuse-fips, gemini-cli, langfuse...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/03/31 1:17 a.m.9 views

CVE-2026-4926 vulnerabilities

Vulnerabilities for packages: kibana, wazuh-dashboard, code-server, opensearch-dashboards-fips, redisinsight, saf, thingsboard, vitess, tileserver-gl, tileserver-gl-fips, opensearch-dashboards, langfuse-fips, gemini-cli, langfuse...

7.5CVSS5.8AI score0.00791EPSS
Exploits0
Chainguard
Chainguard
added 2026/03/31 1:17 a.m.6 views

CVE-2026-4923 vulnerabilities

Vulnerabilities for packages: kibana, wazuh-dashboard, code-server, opensearch-dashboards-fips, redisinsight, saf, thingsboard, vitess, tileserver-gl, tileserver-gl-fips, opensearch-dashboards, langfuse-fips, gemini-cli, langfuse...

5.9CVSS6.3AI score0.00353EPSS
Exploits0
OSV
OSV
added 2026/03/27 4:39 p.m.5 views

MAL-2026-2268 Malicious code in gemini-ai-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 db2be37ea455b54b825242a3f66310fdf3f70e50b1dc1a234fa3ebb534afa857 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

6AI score
Exploits0References1
Rows per page
Query Builder