Lucene search
K

8 matches found

NVD
NVD
added 2026/06/17 3:17 p.m.13 views

CVE-2026-55743

The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 default Supervised security policy can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in src/openhuman/security/policy.rs combine: 1 isargssafe blocks...

9.6CVSS0.00704EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 2:8 p.m.22 views

CVE-2026-55743

OpenHuman desktop agent (before 0.54.0, fixed in 0.56.0) contains two policy flaws in src/openhuman/security/policy.rs that bypass the shell allowlist, enabling remote code execution via indirect prompt injection. First, is_args_safe() blocks -exec and -ok while not blocking -execdir/-okdir (whic...

9.6CVSS6.7AI score0.00704EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 2:8 p.m.30 views

CVE-2026-55743 OpenHuman desktop agent shell tool sandbox bypass leads to arbitrary command execution

The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 default Supervised security policy can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in src/openhuman/security/policy.rs combine: 1 isargssafe blocks...

9.6CVSS0.00704EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 2:8 p.m.11 views

EUVD-2026-37722

The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 default Supervised security policy can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in src/openhuman/security/policy.rs combine: 1 isargssafe blocks...

9.6CVSS6.7AI score0.00704EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2006-6019

Malware in sbrugna...

7.5CVSS6.4AI score0.01117EPSS
Exploits0References5
NVD
NVD
added 2006/11/22 12:7 a.m.12 views

CVE-2006-6036

SQL injection vulnerability in OpenHuman before 1.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.4AI score0.01117EPSS
Exploits0References4
Cvelist
Cvelist
added 2006/11/22 12:0 a.m.17 views

CVE-2006-6036

SQL injection vulnerability in OpenHuman before 1.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

8.4AI score0.01117EPSS
Exploits0References4
CVE
CVE
added 2006/11/22 12:0 a.m.35 views

CVE-2006-6036

The provided data identifies CVE-2006-6036 as a SQL injection vulnerability in OpenHuman prior to version 1.0, allowing remote attackers to execute arbitrary SQL commands via unspecified vectors. The NVD entry lists a CVSS v2 base score of 7.5 (HIGH) with network attack vector and partial confide...

7.5CVSS8.8AI score0.01117EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder