Lucene search
+L

7 matches found

snyk
snyk
added 2026/06/25 7:19 p.m.7 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Hook Authentication process. An attacker can execute arbitrary operating system commands by injecting shell metacharacters into the username or password fields during login. Remediation There is no fixed versio...

9.8CVSS6.1AI score0.00533EPSS
Exploits0References2
snyk
snyk
added 2026/06/25 7:19 p.m.6 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Hook Authentication process. An attacker can execute arbitrary operating system commands by injecting shell metacharacters into the username or password fields during login. Remediation Upgrade...

9.8CVSS6.2AI score0.00533EPSS
Exploits0References2
nvd
nvd
added 2026/06/25 7:16 p.m.12 views

CVE-2026-54088

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Browser allows administrators to delegate login verification to an external shell command. User-supplie...

9.3CVSS0.00533EPSS
Exploits0References1
osv
osv
added 2026/06/25 5:49 p.m.7 views

CVE-2026-54088 File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Browser allows administrators to delegate login verification to an external shell command. User-supplie...

9.3CVSS6.3AI score0.00533EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/25 5:49 p.m.36 views

CVE-2026-54088 File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Browser allows administrators to delegate login verification to an external shell command. User-supplie...

9.3CVSS0.00533EPSS
Exploits0References1
osv
osv
added 2026/03/09 7:52 p.m.3 views

GHSA-6RMX-GVVG-VH6J OpenClaw's hooks count non-POST requests toward auth lockout

OpenClaw's hooks HTTP handler counted hook authentication failures before rejecting unsupported HTTP methods. An unauthenticated client could send repeated non-POST requests for example GET with an invalid token to consume the hook auth failure budget and trigger the temporary lockout window for...

5.3CVSS5.8AI score
Exploits0References4
osv
osv
added 2026/03/03 12:38 a.m.5 views

GHSA-5847-RM3G-23MW OpenClaw has hook auth rate limiter bypass via IPv4-mapped IPv6 client key variants

Vulnerability The hook authentication throttle keyed failed attempts by raw socket remoteAddress text. IPv4 and IPv4-mapped IPv6 forms of the same client for example 1.2.3.4 and ::ffff:1.2.3.4 were treated as different clients, allowing separate rate-limit buckets. Impact An attacker could split...

6.9CVSS6AI score
Exploits0References3
Rows per page
Query Builder