EUVD-2026-13958

OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bashprofile or .zshenv to achieve arbitra...

EUVD-2003-0938

Malware in sbrugna...

EUVD-2003-0821

Malware in sbrugna...

EUVD-1999-1366

Malware in sbrugna...

EUVD-2002-0132

Malware in sbrugna...

EUVD-2002-0143

Malware in sbrugna...

EUVD-2003-1463

Malware in sbrugna...

EUVD-2003-0643

Malware in sbrugna...

EUVD-2005-2926

Malware in sbrugna...

EUVD-2006-0204

Malware in sbrugna...

EUVD-2005-2811

Malware in sbrugna...

EUVD-2007-2827

Malware in sbrugna...

EUVD-2003-0264

Malware in sbrugna...

CVE-2003-0454

Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable...

SUSE CVE-2013-6891

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf...

CVE-2021-26638

Improper Authentication vulnerability in S&D smarthomesmartcare application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the home environment including indoor control...

CVE-2021-26638

Technical details for CVE-2021-26638 are not publicly available in the provided documents. Monitor for updates from linked sources before drawing conclusions about affected products, impact, or remediation.

GHSA-GP2J-MG4W-2RH5 chrome-launcher subject to OS Command Injection

chrome-launcher prior to 0.13.2 is subject to OS Command Injection via the $HOME environment variable in Linux operating systems. This issue is patched in version 0.13.2...

Command Injection

chrome-launcher is vulnerable to Command Injection. The vulnerability exists because an attacker can get control of the $HOME environment variable in Linux operating systems, leading to an execution of malicious command...

Google chrome-launcher OS command injection vulnerability

Google chrome-launcher is a launcher for launching the Chrome browser from Node.js by Google USA. An operating system command injection vulnerability exists in Google chrome-launcher all versions, which can be exploited to execute arbitrary commands by controlling the $ HOME environment variable ...