6 matches found
CVE-2026-31994
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...
Input Validation Bypass
symfony is vulnerable to input Validation Bypass. The vulnerability is caused by improper handling of the $ metacharacter in regular expressions, allowing an attacker to bypass validation with inputs ending in \n...
SUSE-SU-2024:1190-1 Security update for less
This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters bsc1219901...
karo Metacharacter Handling Remote Command Execution
The karo gem through 2.5.2 for Ruby allows Remote command injection via the host field. A flaw in db.rb is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands. In particular lines 76 and 95 as of 2014-06-01 pass unsanitized user supplied input to...
gyazo Gem for Ruby client.rb Metacharacter Handling Remote Command Execution
gyazo Gem for Ruby contains a flaw in client.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands...
karo Gem for Ruby db.rb Metacharacter Handling Remote Command Execution
The karo gem 2.3.8 for Ruby allows Remote command injection via the host field. karo Gem for Ruby contains a flaw in db.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands. CWE-77 - Improper Neutralization of Special Elements used in a...