Lucene search
K

94 matches found

OSV
OSV
added 2026/03/13 3:48 p.m.11 views

GHSA-QC36-X95H-7J53 OpenClaw: Unrecognized script runners could bypass `system.run` approval integrity

Summary In affected versions of openclaw, node-host system.run approvals did not bind a mutable file operand for some script runners, including forms such as tsx and jiti. An attacker could obtain approval for a benign script-runner command, rewrite the referenced script on disk, and have the...

8CVSS6.3AI score0.00179EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/03 9:19 p.m.3 views

Arbitrary Argument Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Argument Injection via the system.run process. An attacker can execute unintended local scripts by manipulating the wrapper arguments and placing a malicious file in the approve...

6.7CVSS5.9AI score0.0013EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 9:19 p.m.7 views

GHSA-H3RM-6X7G-882F OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts

Summary In [email protected], node system.run approval-path hardening rewrote wrapper command argv in a way that changed execution semantics. A command shown/approved as a shell payload for example echo SAFE could execute a different local script when wrapper argv were rewritten. Affected Package...

6.7CVSS6.1AI score0.0013EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.11 views

PT-2026-26228

Summary In [email protected], node system.run approval-path hardening rewrote wrapper command argv in a way that changed execution semantics. A command shown/approved as a shell payload for example echo SAFE could execute a different local script when wrapper argv were rewritten. Affected Package...

6.7CVSS6.1AI score0.0013EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/01/09 6:17 a.m.2 views

CVE-2026-20976

Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script...

5.1CVSS6.7AI score0.00145EPSS
Exploits0References1
OSV
OSV
added 2025/12/26 3:15 p.m.7 views

CVE-2025-65885

An issue was discovered in the Delight Custom Firmware CFW for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...

5.1CVSS5.8AI score0.00119EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/26 12:0 a.m.4 views

CVE-2025-65885

An issue was discovered in the Delight Custom Firmware CFW for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...

6.3AI score0.00119EPSS
Exploits0References2
OSV
OSV
added 2025/12/02 2:15 a.m.5 views

CVE-2025-58486

Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script...

5.5CVSS6AI score0.00142EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/02 1:24 a.m.2 views

CVE-2025-58486

Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script...

4CVSS6.7AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 1:24 a.m.8 views

CVE-2025-58485

Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script...

5.5CVSS0.00103EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.5 views

PT-2025-48603

Name of the Vulnerable Software and Affected Versions Samsung Internet versions prior to 29.0.0.48 Description Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script. This allows for the execution of malicious code within the...

5.5CVSS5.7AI score0.00103EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.3 views

TencentOS Server 3: httpd:2.4 (TSSA-2024:0763)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0763 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

9.8CVSS7.4AI score0.41611EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2004-1595

Malware in sbrugna...

7.5CVSS6.4AI score0.02702EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-37357

Malicious code in bioql PyPI...

9.8CVSS7.3AI score0.41611EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-52336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A script injection vulnerability was identified in the Tuned package. The instancecreate D-Bus function can be called by locally logged-in users without...

7.8CVSS7.2AI score0.00287EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/07/25 12:0 a.m.23 views

NewStart CGSL MAIN 7.02 : httpd Multiple Vulnerabilities (NS-SA-2025-0132)

The remote NewStart CGSL host, running version MAIN 7.02, has httpd packages installed that are affected by multiple vulnerabilities: - Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications...

9.8CVSS7.4AI score0.99957EPSS
Exploits9References29
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.19 views

Alibaba Cloud Linux 3 : 0162: httpd:2.4 (ALINUX3-SA-2024:0162)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0162 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-38476: Vulnerability in core of Apache HTT...

9.8CVSS7.4AI score0.41611EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.3 views

M-Files Server 安全漏洞

M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server versions prior to 25.3.14681.7, which stems from stored cross-site scripting and could lead to script execution by a local user...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/02/14 4:53 a.m.3 views

SUSE CVE-2024-38476

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

8.1CVSS6.9AI score0.41611EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2024/10/28 12:0 a.m.29 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2736)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.9AI score0.41611EPSS
Exploits1References2
Rows per page
Query Builder