Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

CVE
CVEadded 2026/04/10 4:3 p.m.9 views

CVE-2026-35641

OpenClaw before 2026.3.24 is affected by an arbitrary code execution vulnerability in local plugin and hook installation. An attacker can craft a .npmrc file with a git executable override, and during npm install in the staged package directory, trigger execution of arbitrary programs from attack...

8.4CVSS6.4AI score0.0001EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blogadded 2026/03/30 6:52 p.m.3 views

OpenClaw has an Arbitrary Malicious Code Execution Vulnerability

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary During the installation phase of OpenClaw local plugins/hooks, the Git executable can be hijacked by a project-level .npmrc file, leading to arbitrary code execution during installation. Details Please note that the source code...

8.4CVSS6.4AI score0.0001EPSS
Exploits1References4Affected Software1
OSV
OSVadded 2024/05/22 12:0 p.m.8 views

RUSTSEC-2024-0350 Traversal outside working tree enables arbitrary code execution

Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...

8.8CVSS9AI score0.00364EPSS
Exploits0References5
Rows per page
Query Builder