Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

294 matches found

Positive Technologies
Positive Technologiesadded 2026/06/10 12:0 a.m.10 views

PT-2026-48373

CVE-2026-48703 Warp Agent: Code Search Command Injection via Grep and FileGlob https://t.co/Li4h31dQjZ...

5.5AI score0.0002EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/01 8:45 p.m.30 views

CVE-2026-10291 Enderfga claw-orchestrator Session Grep Endpoint embedded-server.ts validateRegex redos

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

5.3CVSS0.00354EPSS
Exploits0References9
Vulnrichment
Vulnrichmentadded 2026/06/01 8:45 p.m.9 views

CVE-2026-10291 Enderfga claw-orchestrator Session Grep Endpoint embedded-server.ts validateRegex redos

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References9
RedhatCVE
RedhatCVEadded 2026/05/22 7:57 a.m.13 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.18914EPSS
Exploits1References1
CVE
CVEadded 2026/05/21 12:38 a.m.40 views

CVE-2026-48172

The vulnerability CVE-2026-48172 affects LiteSpeed User-End cPanel Plugin prior to 2.4.5. The issue stems from mishandling of Redis enable/disable features, enabling privilege escalation (possibly to root). In-the-wild exploitation was reported in May 2026. Detection guidance is provided: run gre...

10CVSS5.8AI score0.18914EPSS
In wildExploits1References4Affected Software2
RedhatCVE
RedhatCVEadded 2026/04/20 7:22 p.m.4 views

CVE-2026-40515

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS5.8AI score0.0023EPSS
Exploits1References1
EUVD
EUVDadded 2026/04/17 6:31 p.m.2 views

EUVD-2026-23450

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS5.8AI score0.0023EPSS
Exploits1References4
NVD
NVDadded 2026/04/17 5:17 p.m.3 views

CVE-2026-40515

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS0.0023EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/04/17 4:0 p.m.30 views

CVE-2026-40515 OpenHarness Permission Bypass via grep and glob root argument

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS0.0023EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/04/17 4:0 p.m.0 views

CVE-2026-40515 OpenHarness Permission Bypass via grep and glob root argument

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS5.8AI score0.0023EPSS
Exploits1References3
CVE
CVEadded 2026/04/17 4:0 p.m.20 views

CVE-2026-40515

OpenHarness (before commit bd4df81) contains a permission bypass due to incomplete path normalization in the permission checker. Attackers can invoke built‑in grep and glob tools with root directories that aren’t properly evaluated against configured path rules, enabling disclosure of sensitive l...

8.7CVSS5.8AI score0.0023EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/17 4:0 p.m.5 views

CVE-2026-40515

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS5.8AI score0.0023EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2026/04/17 12:0 a.m.3 views

PT-2026-33463

Name of the Vulnerable Software and Affected Versions OpenHarness versions prior to commit bd4df81 Description Incomplete path normalization in the permission checker allows attackers to bypass permissions and read sensitive files. By invoking the built-in grep and glob tools with sensitive root...

8.7CVSS5.7AI score0.0023EPSS
Exploits1References6
RedhatCVE
RedhatCVEadded 2026/03/26 3:11 p.m.2 views

CVE-2026-32022

OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...

6.5CVSS5.9AI score0.00259EPSS
Exploits0References1
CNVD
CNVDadded 2026/03/24 12:0 a.m.2 views

OpenClaw has an unspecified vulnerability (CNVD-2026-14828)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that stems from a standard input-only policy bypass issue in the grep tool in tools.exec.safeBins, which can be exploited by an attacker to read arbitrary files...

6.5CVSS6AI score0.00259EPSS
Exploits0References1
NVD
NVDadded 2026/03/23 10:16 p.m.4 views

CVE-2026-32909

Rejected reason: This CVE ID has been rejected...

Exploits0
CVE
CVEadded 2026/03/23 9:36 p.m.7 views

CVE-2026-32909

OpenClaw before 2026.2.19 contains a command-injection vulnerability in tools.exec.safeBins that lets an attacker bypass stdin-only restrictions by using sort output flags or recursive grep flags. This can enable arbitrary file writes via sort -o and recursive file reads via grep -R, bypassing th...

6.1AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2026/03/23 12:0 a.m.3 views

PT-2026-27241

OpenClaw before 2026.2.19 contains a command injection vulnerability in tools.exec.safeBins that allows attackers to bypass stdin-only restrictions using sort output flags or recursive grep flags. Attackers can exploit this to perform arbitrary file writes via sort -o or recursive file reads via...

3.6CVSS6.1AI score
Exploits0References5
NVD
NVDadded 2026/03/19 10:16 p.m.4 views

CVE-2026-32022

OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...

6.5CVSS0.00259EPSS
Exploits0References3
OSV
OSVadded 2026/03/19 10:16 p.m.2 views

CVE-2026-32022

OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...

5.3CVSS6AI score
Exploits0References3
Rows per page
Query Builder