8 matches found
CVE-2026-55743
The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 default Supervised security policy can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in src/openhuman/security/policy.rs combine: 1 isargssafe blocks...
CVE-2026-55743
OpenHuman desktop agent (before 0.54.0, fixed in 0.56.0) contains two policy flaws in src/openhuman/security/policy.rs that bypass the shell allowlist, enabling remote code execution via indirect prompt injection. First, is_args_safe() blocks -exec and -ok while not blocking -execdir/-okdir (whic...
CVE-2026-55743 OpenHuman desktop agent shell tool sandbox bypass leads to arbitrary command execution
The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 default Supervised security policy can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in src/openhuman/security/policy.rs combine: 1 isargssafe blocks...
EUVD-2026-37722
The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 default Supervised security policy can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in src/openhuman/security/policy.rs combine: 1 isargssafe blocks...
EUVD-2006-6019
Malware in sbrugna...
CVE-2006-6036
SQL injection vulnerability in OpenHuman before 1.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2006-6036
SQL injection vulnerability in OpenHuman before 1.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2006-6036
The provided data identifies CVE-2006-6036 as a SQL injection vulnerability in OpenHuman prior to version 1.0, allowing remote attackers to execute arbitrary SQL commands via unspecified vectors. The NVD entry lists a CVSS v2 base score of 7.5 (HIGH) with network attack vector and partial confide...