291 matches found
CVE-2026-10291 Enderfga claw-orchestrator Session Grep Endpoint embedded-server.ts validateRegex redos
A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output,...
CVE-2026-48172
The vulnerability CVE-2026-48172 affects LiteSpeed User-End cPanel Plugin prior to 2.4.5. The issue stems from mishandling of Redis enable/disable features, enabling privilege escalation (possibly to root). In-the-wild exploitation was reported in May 2026. Detection guidance is provided: run gre...
Astra Linux - vulnerability in libfile-find-rule-perl
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2-argument form of open, allowing an attacker-controlled filename to provide the MODE parameter to open, turning the filename into a command to...
CVE-2026-40515
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...
EUVD-2026-23450
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...
CVE-2026-40515 OpenHarness Permission Bypass via grep and glob root argument
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...
CVE-2026-40515
OpenHarness (before commit bd4df81) contains a permission bypass due to incomplete path normalization in the permission checker. Attackers can invoke built‑in grep and glob tools with root directories that aren’t properly evaluated against configured path rules, enabling disclosure of sensitive l...
PT-2026-33463
Name of the Vulnerable Software and Affected Versions: OpenHarness versions prior to commit bd4df81. Description: Incomplete path normalization in the permission checker allows attackers to bypass permissions and read sensitive files. By invoking the built-in grep and glob tools with sensitive root...
CVE-2026-32022
OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...
OpenClaw has an unspecified vulnerability (CNVD-2026-14828)
OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw has a security vulnerability that stems from a stdin-only policy bypass in the grep tool in tools.exec.safeBins, which an attacker can exploit to read arbitrary files...
CVE-2026-32909
Rejected reason: This CVE ID has been rejected...
CVE-2026-32909
OpenClaw before 2026.2.19 contains a command-injection vulnerability in tools.exec.safeBins that lets an attacker bypass stdin-only restrictions by using sort output flags or recursive grep flags. This can enable arbitrary file writes via sort -o and recursive file reads via grep -R, bypassing th...
PT-2026-27241
OpenClaw before 2026.2.19 contains a command injection vulnerability in tools.exec.safeBins that allows attackers to bypass stdin-only restrictions using sort output flags or recursive grep flags. Attackers can exploit this to perform arbitrary file writes via sort -o or recursive file reads via...