Lucene search
K

34 matches found

RedhatCVE
RedhatCVE
added 2026/06/27 1:19 p.m.12 views

CVE-2026-57453

A security vulnerability exists in the Vim text editor. If a user opens a specially crafted ZIP file in Vim, it can trick the application into running hidden, harmful commands on their computer. This specific issue is only triggered if Vim relies on PowerShell to open the ZIP file...

7.3CVSS5.8AI score0.00137EPSS
Exploits0References6
NVD
NVD
added 2026/06/23 8:16 p.m.11 views

CVE-2026-54555

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an...

7.8CVSS0.00128EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:5 p.m.7 views

CVE-2026-54555

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an...

7.8CVSS6.1AI score0.00128EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/23 7:5 p.m.7 views

EUVD-2026-38573

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an...

7.8CVSS6.1AI score0.00128EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.20 views

PT-2026-51583

Name of the Vulnerable Software and Affected Versions rtk versions prior to 0.42.2 Description A flaw in the permission splitter logic fails to conservatively split or reject certain Bash shell constructs that create command-execution boundaries or nested execution. This improper input validation...

7.8CVSS6.2AI score0.00128EPSS
Exploits0References6
CNVD
CNVD
added 2026/03/26 12:0 a.m.2 views

OpenClaw Command Injection Vulnerability (CNVD-2026-15058)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A command injection vulnerability exists in versions of OpenClaw prior to 2026.2.24. The vulnerability stems from a failure to properly filter construct command special characters, commands, etc. in the system.run...

9.8CVSS6.1AI score0.00911EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/21 12:42 a.m.3 views

CVE-2026-32052 OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary...

6.4CVSS6.1AI score0.00911EPSS
Exploits0References4
HackRead
HackRead
added 2026/03/18 10:21 a.m.9 views

New ClickFix Scam Tricks Users Into Mapping Hacker-Controlled Drives

A new ClickFix scam tricks Windows users into running hidden commands that map hacker-controlled drives and load malware…...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/06 4:43 p.m.26 views

GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution

Summary A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files...

7.8CVSS6.3AI score0.00363EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/03/03 7:46 p.m.5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via system.run. An attacker can execute hidden commands under misleading approval or display text by supplying additional positional argv payloads that are not...

9.8CVSS6AI score0.00911EPSS
Exploits0References3
OSV
OSV
added 2026/03/03 7:46 p.m.7 views

GHSA-6RCP-VXWF-3MFP OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Summary In openclaw up to and including 2026.2.23 latest npm release as of February 25, 2026, system.run shell-wrapper inputs could present misleading approval/display text while still carrying hidden positional argv payloads that execute at runtime. Affected Packages / Versions - Package: opencl...

5.8CVSS6.1AI score0.00911EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/03 7:46 p.m.6 views

OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Summary In openclaw up to and including 2026.2.23 latest npm release as of February 25, 2026, system.run shell-wrapper inputs could present misleading approval/display text while still carrying hidden positional argv payloads that execute at runtime. Affected Packages / Versions - Package: opencl...

9.8CVSS6.1AI score0.00911EPSS
Exploits0References6Affected Software1
The Hacker News
The Hacker News
added 2025/10/27 7:29 a.m.12 views

ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands

The newly released OpenAI ChatGPT Atlas web browser has been found to be susceptible to a prompt injection attack where its omnibox can be jailbroken by disguising a malicious prompt as a seemingly harmless URL to visit. "The omnibox combined address/search bar interprets input either as a URL to...

7.1AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-24623

Malware in sbrugna...

5.5CVSS5.5AI score0.0027EPSS
Exploits0References2
HackRead
HackRead
added 2025/09/01 8:46 p.m.3 views

Hidden Commands in Images Exploit AI Chatbots and Steal Data

Hidden commands in images can exploit AI chatbots, leading to data theft on platforms like Gemini through a…...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-23599

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands t...

6.5CVSS7.8AI score0.00601EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/08 12:0 a.m.19 views

CVE-2025-27840

Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 Write memory...

6.8CVSS0.01258EPSS
Exploits1References15
OSV
OSV
added 2024/04/12 11:7 a.m.5 views

OESA-2024-1405 mozjs78 security update

SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript. Security Fixes: When copying a network request from the developer tools panel as a curl command the output was n...

6.5CVSS8.8AI score0.00601EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/01/25 3:33 p.m.6 views

Mozilla: Malicious command could be hidden in devtools output

The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...

6.5CVSS7.4AI score0.00601EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/25 3:32 p.m.6 views

Mozilla: Malicious command could be hidden in devtools output

The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...

6.5CVSS7.4AI score0.00601EPSS
Exploits0References6
Rows per page
Query Builder