CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/12 4:25 p.m.•3 views

CVE-2026-43992

9.8CVSS5.8AI score0.00021EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/12 4:22 p.m.•4 views

CVE-2026-43990 JunoClaw: plugin-shell shell-metacharacter injection via shell wrapper

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's runcommand wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument string to the shell's parser, allowing shell metacharacters in agent-supplied arguments to be...

8.4CVSS5.8AI score0.00024EPSS

EUVD•added 2026/05/12 4:22 p.m.•3 views

EUVD-2026-29539

8.4CVSS5.8AI score0.00024EPSS

EUVD•added 2026/05/12 4:21 p.m.•4 views

EUVD-2026-29538

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...

8.5CVSS5.8AI score0.00015EPSS

ATTACKERKB•added 2026/05/12 4:21 p.m.•5 views

CVE-2026-43989

8.5CVSS5.8AI score0.00015EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 2026/05/12 4:19 p.m.•2 views

CVE-2026-43991

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion...

8.4CVSS5.9AI score0.00033EPSS

Exploits0References3Affected Software1

EUVD•added 2026/05/12 4:19 p.m.•4 views

EUVD-2026-29540

8.4CVSS5.9AI score0.00033EPSS

Exploits0References2

CVE•added 2026/05/12 4:19 p.m.•7 views

CVE-2026-43991

The CVE-2026-43991 issue affects JunoClaw: a plugin-shell command-safety check used by the Juno Network agent. The root cause is a substring-based blocklist that was applied to the raw command string rather than the parsed first token, enabling bypass via adversarial argument constructions and po...

8.4CVSS5.9AI score0.00033EPSS

Exploits0References2

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40101

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability i...

8.5CVSS5.8AI score0.00015EPSS

Exploits0References4

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-176585

Malicious code in run-script-juno-supernova-commitlint npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-177682

Malicious code in nebula-delphinus-planckscale-juno npm...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•3 views

Malicious code in juno-proxima-wolf-tailwindcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47028c82d41ce63151937e576d080b099eb94441f3ef4d03707857a5baf44a18 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-178100

Malicious code in library-supernova-eigenstate-juno npm...

OSV•added 2025/11/13 3:23 a.m.•1 views

MAL-2025-187806 Malicious code in lint-janus-juno-blueshift (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09c4d24d6c0937c0a916af5b388852eb2c5e7fb318480dba1e23ab03c3047296 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-178244

Malicious code in juno-saturnology-sass-loader-joviology npm...

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-178412

Malicious code in ini-barnard-juno-shelljs npm...