Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28447 OpenClaw 2026.1.29-beta.1 < 2026.2.1 - Path Traversal in Plugin Installation via Package Name

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files...

8.1CVSS5.8AI score0.00355EPSS
Exploits0References3
OSV
OSV
added 2022/01/21 11:3 p.m.17 views

GHSA-8434-V7XW-8M9X Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks

APKLeaks prior to v2.0.4 allows remote authenticated attackers to execute arbitrary OS commands via package name inside the application manifest. Impact An authenticated attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or...

9.3CVSS9.5AI score0.02307EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/01/21 11:3 p.m.40 views

Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks

APKLeaks prior to v2.0.4 allows remote authenticated attackers to execute arbitrary OS commands via package name inside the application manifest. Impact An authenticated attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or...

10CVSS7.2AI score0.02307EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2020/11/19 7:15 p.m.3 views

CVE-2020-28951

libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uciparsepackage in file.c and ucistrdup in util.c...

9.8CVSS5.5AI score0.01742EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/11/19 7:1 p.m.22 views

CVE-2020-28951

libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uciparsepackage in file.c and ucistrdup in util.c...

9.6AI score0.01742EPSS
Exploits0References3
Rows per page
Query Builder