Lucene search
K

423 matches found

Cvelist
Cvelist
added 2026/03/16 12:2 a.m.28 views

CVE-2026-4199 bazinga012 mcp_code_executor index.ts installDependencies command injection

A vulnerability was identified in bazinga012 mcpcodeexecutor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available...

5.3CVSS0.00636EPSS
Exploits0References7
CVE
CVE
added 2026/03/15 11:32 p.m.13 views

CVE-2026-4198

The CVE affects hypermodel-labs/mcp-server-auto-commit 1.0.0. The vulnerability is in the getGitChanges function of index.ts, enabling command injection via a local attack. An exploit has been publicly disclosed. A patch is available (hash: f7d992c830c5f2ec5749852e66c0195e3ed7fe30) and applying i...

5.3CVSS5.7AI score0.00649EPSS
Exploits0References7
NCSC
NCSC
added 2026/03/12 2:44 p.m.44 views

Vulnerabilities fixed in Cisco IOS XR

Cisco has fixed vulnerabilities in Cisco IOS XR Software. The vulnerabilities are in the command-line interface CLI of Cisco IOS XR, which allows authenticated local attackers to execute arbitrary root-level commands or obtain full administrative privileges. In addition, there is a problem with t...

8.8CVSS6.1AI score0.00318EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/12 12:31 a.m.26 views

EUVD-2026-11486

A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...

5.3CVSS5.5AI score0.00779EPSS
Exploits0References5
NVD
NVD
added 2026/03/11 11:16 p.m.4 views

CVE-2026-3964

A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...

5.3CVSS0.00779EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/11 11:2 p.m.2 views

CVE-2026-3964

A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...

5.3CVSS5.5AI score0.00779EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/11 8:2 a.m.4 views

CVE-2024-14026 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...

5.4CVSS6AI score0.00624EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24895

A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...

5.3CVSS5.5AI score0.00779EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/03 9:52 p.m.7 views

OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)

Summary A command injection vulnerability exists in OpenClaw’s Linux systemd unit generation path. When rendering Environment= entries, attacker-controlled values are not rejected for CR/LF, and systemdEscapeArg uses an incorrect whitespace-matching regex. This allows newline injection to break o...

7.8CVSS6.3AI score0.01075EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/03 9:52 p.m.5 views

GHSA-VFFC-F7R7-RX2W OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)

Summary A command injection vulnerability exists in OpenClaw’s Linux systemd unit generation path. When rendering Environment= entries, attacker-controlled values are not rejected for CR/LF, and systemdEscapeArg uses an incorrect whitespace-matching regex. This allows newline injection to break o...

8.6CVSS6.3AI score0.01075EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/02 10:15 p.m.8 views

OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments

Summary A Windows system.run approval-integrity mismatch in the cmd.exe /c path could allow trailing arguments to execute while approval/audit text reflected only a benign command string. This requires an authenticated operator context using the approvals flow and a trusted Windows node. Affected...

8.8CVSS6.2AI score0.00406EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/26 10:17 p.m.7 views

CVE-2026-28207 Zen-C Vulnerable to Command Injection via Malicious Output Filename

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...

6.6CVSS6.1AI score0.00935EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.6 views

CVE-2026-25157

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

7.7CVSS5.9AI score0.00935EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/02/02 11:41 p.m.15 views

OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

Two related vulnerabilities existed in the macOS application's SSH remote connection handling CommandResolver.swift: Details The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescap...

7.7CVSS6.4AI score0.00935EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/23 12:26 a.m.7 views

CVE-2025-56590

An issue was discovered in the InsertFromURL function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server...

9.8CVSS6.1AI score0.00488EPSS
Exploits1References1
NVD
NVD
added 2026/01/22 6:16 p.m.9 views

CVE-2025-56590

An issue was discovered in the InsertFromURL function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server...

9.8CVSS0.00488EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 7 : emacs-24.3-23.0.1.el7.AXS7 (AXSA:2024-8912:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8912:03 advisory. CVE-2024-48337: fix etags local command injection vulnerability CVEs: CVE-2024-48337 RESERVED This candidate has been reserved by an organization or individu...

5.5AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/17 4:30 p.m.6 views

CVE-2026-23523

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...

9.6CVSS7AI score0.06299EPSS
Exploits1References1
NVD
NVD
added 2026/01/16 5:15 p.m.6 views

CVE-2026-23523

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...

9.6CVSS0.06299EPSS
Exploits1References2
CVE
CVE
added 2026/01/16 4:29 p.m.16 views

CVE-2026-23523

Dive (MCP Host Desktop Application) prior to version 0.13.0 is affected. A crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation, leading to arbitrary local command execution on the victim’s machine. This vulnerability is fixed in 0.13.0...

9.6CVSS6.6AI score0.06299EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder