Lucene search
+L

8 matches found

nvd
nvd
added 2026/07/08 8:16 p.m.5 views

CVE-2026-59821

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.82.0-stable, LiteLLM's Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to creat...

7.2CVSS0.00355EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/08 7:14 p.m.31 views

CVE-2026-59821 LiteLLM: Custom Code Guardrails production endpoints bypass code safety checks

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.82.0-stable, LiteLLM's Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to creat...

2.1CVSS0.00355EPSS
Exploits0References3
hackread
hackread
added 2026/05/08 1:36 p.m.10 views

ClaudeBleed Vulnerability Lets Hackers Hijack Claude Chrome Extension to Steal Data

The ClaudeBleed vulnerability allows hackers to bypass Claude for Chrome guardrails to exfiltrate private Google Drive and Gmail data...

5.8AI score
Exploits0
thn
thn
added 2026/03/30 6:5 p.m.7 views

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel,...

6.6AI score
Exploits0
cvelist
cvelist
added 2026/03/19 1:0 a.m.24 views

CVE-2026-31992 OpenClaw < 2026.2.23 - Allowlist Exec-Guard Bypass via env -S

OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at...

7.1CVSS0.00339EPSS
Exploits0References4
cve
cve
added 2026/03/19 1:0 a.m.21 views

CVE-2026-31992

OpenClaw versions prior to 2026.2.23 contain an allowlist bypass in system.run guardrails. If /usr/bin/env is allowlisted, an authenticated operator can use env -S to bypass policy analysis and execute shell wrapper payloads at runtime, enabling command execution with low privileges and potential...

8.8CVSS5.9AI score0.00339EPSS
Exploits0References4Affected Software1
euvd
euvd
added 2026/03/19 1:0 a.m.7 views

EUVD-2026-13023

OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at...

8.8CVSS5.9AI score0.00339EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/19 12:0 a.m.4 views

PT-2026-26232

OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at...

8.8CVSS5.9AI score0.00339EPSS
Exploits0References10
Rows per page
Query Builder