94 matches found
GHSA-QC36-X95H-7J53 OpenClaw: Unrecognized script runners could bypass `system.run` approval integrity
Summary In affected versions of openclaw, node-host system.run approvals did not bind a mutable file operand for some script runners, including forms such as tsx and jiti. An attacker could obtain approval for a benign script-runner command, rewrite the referenced script on disk, and have the...
Arbitrary Argument Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Argument Injection via the system.run process. An attacker can execute unintended local scripts by manipulating the wrapper arguments and placing a malicious file in the approve...
GHSA-H3RM-6X7G-882F OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts
Summary In [email protected], node system.run approval-path hardening rewrote wrapper command argv in a way that changed execution semantics. A command shown/approved as a shell payload for example echo SAFE could execute a different local script when wrapper argv were rewritten. Affected Package...
PT-2026-26228
Summary In [email protected], node system.run approval-path hardening rewrote wrapper command argv in a way that changed execution semantics. A command shown/approved as a shell payload for example echo SAFE could execute a different local script when wrapper argv were rewritten. Affected Package...
CVE-2026-20976
Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script...
CVE-2025-65885
An issue was discovered in the Delight Custom Firmware CFW for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...
CVE-2025-65885
An issue was discovered in the Delight Custom Firmware CFW for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...
CVE-2025-58486
Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script...
CVE-2025-58486
Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script...
CVE-2025-58485
Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script...
PT-2025-48603
Name of the Vulnerable Software and Affected Versions Samsung Internet versions prior to 29.0.0.48 Description Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script. This allows for the execution of malicious code within the...
TencentOS Server 3: httpd:2.4 (TSSA-2024:0763)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0763 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
EUVD-2004-1595
Malware in sbrugna...
EUVD-2024-37357
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-52336
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A script injection vulnerability was identified in the Tuned package. The instancecreate D-Bus function can be called by locally logged-in users without...
NewStart CGSL MAIN 7.02 : httpd Multiple Vulnerabilities (NS-SA-2025-0132)
The remote NewStart CGSL host, running version MAIN 7.02, has httpd packages installed that are affected by multiple vulnerabilities: - Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications...
Alibaba Cloud Linux 3 : 0162: httpd:2.4 (ALINUX3-SA-2024:0162)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0162 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-38476: Vulnerability in core of Apache HTT...
M-Files Server 安全漏洞
M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server versions prior to 25.3.14681.7, which stems from stored cross-site scripting and could lead to script execution by a local user...
SUSE CVE-2024-38476
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2736)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...