41 matches found

CVE
added 2026/06/16 6:05 p.m., 18 views

CVE-2026-53855

OpenClaw prior to 2026.4.2 is vulnerable to an inline-eval bypass through shell positional parameters, allowing authenticated operators to weaken strict allowlist checks. Attackers can combine allowlisted tools with shell positional arguments to inject inline-eval content into shell carriers that...

CVSS 8.1 | AI score 5.6 | EPSS 0.0026
Exploits 0 | References 2 | Affected software 1
OSV
added 2026/05/14 8:50 a.m., 3 views

BIT-MONGODB-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

CVSS 8.8 | AI score 5.8 | EPSS 0.00129
Exploits 0 | References 2
Packet Storm News
added 2026/05/14 12:00 a.m., 9 views

MetaBackdoor: Exploiting Positional Encoding As a Backdoor Attack Surface in LLMs

Backdoor attacks pose a serious security threat to large language models (LLMs), which are increasingly deployed as general-purpose assistants in safety- and privacy-critical applications. Existing LLM backdoors rely primarily on content-based triggers, requiring explicit modification of the input...

AI score 5.8
Exploits 0
CVE
added 2026/05/13 12:12 a.m., 30 views

CVE-2026-8201

A use-after-free vulnerability exists in MongoDB’s Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering the issue requires control over the structure of a client’s FLE-related query. Affected MongoDB Server components and ve...

CVSS 8.8 | AI score 5.8 | EPSS 0.00129
Exploits 0 | References 1 | Affected software 1
Vulnrichment
added 2026/05/13 12:12 a.m., 4 views

CVE-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

CVSS 6.4 | AI score 5.8 | EPSS 0.00129
Exploits 0 | References 1
MongoDB
added 2026/05/13 12:12 a.m., 13 views

Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

CVSS 8.8 | AI score 5.8 | EPSS 0.00129
Exploits 0 | References 1 | Affected software 1
OSV
added 2026/05/04 10:31 a.m., 5 views

CLSA-2026-1777888717 gawk: Fix of CVE-2023-4156

Fix CVE-2023-4156: builtin.c (format_tree): When collecting positional field widths or precisions, check for wrap-around to negative values...

CVSS 7.1 | AI score 5.8 | EPSS 0.00424
Exploits 1 | References 1
OSV
added 2026/04/29 9:59 a.m., 6 views

CLSA-2026-1777456776 glibc: Fix of CVE-2021-35942

CVE-2021-35942: fix integer overflow in wordexp positional parameter number...

CVSS 9.1 | AI score 6.8 | EPSS 0.02678
Exploits 0 | References 1
OSV
added 2026/03/21 3:31 a.m., 1 view

GHSA-W6F4-3V35-QJHJ Duplicate Advisory: OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6rcp-vxwf-3mfp. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that...

CVSS 6.4 | AI score 6 | EPSS 0.00911
Exploits 0 | References 5
CVE
added 2026/03/21 12:42 a.m., 19 views

CVE-2026-32052

OpenClaw is affected in versions prior to 2026.2.24. The vulnerability is a command injection in the system.run shell-wrapper that enables execution of hidden commands by injecting trailing positional argv carriers after inline shell payloads. The attack can be triggered through crafted approval ...

CVSS 9.8 | AI score 6.1 | EPSS 0.00911
Exploits 0 | References 4 | Affected software 1
Cvelist
added 2026/03/21 12:42 a.m., 25 views

CVE-2026-32052 OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary...

CVSS 6.4 | EPSS 0.00911
Exploits 0 | References 4
Vulnrichment
added 2026/03/21 12:42 a.m., 3 views

CVE-2026-32052 OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary...

CVSS 6.4 | AI score 6.1 | EPSS 0.00911
Exploits 0 | References 4
OSV
added 2026/03/03 7:46 p.m., 5 views

GHSA-6RCP-VXWF-3MFP OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Summary: In openclaw up to and including 2026.2.23 (latest npm release as of February 25, 2026), system.run shell-wrapper inputs could present misleading approval/display text while still carrying hidden positional argv payloads that execute at runtime. Affected Packages / Versions - Package: opencl...

CVSS 5.8 | AI score 6.1 | EPSS 0.00911
Exploits 0 | References 6
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-54776

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.6 | EPSS 0.00242
Exploits 1 | References 1
RedhatCVE
added 2025/07/13 5:09 p.m., 9 views

CVE-2024-47065

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...

CVSS 6.9 | AI score 6.3 | EPSS 0.00242
Exploits 1 | References 1
NVD
added 2025/07/11 5:15 p.m., 7 views

CVE-2024-47065

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...

CVSS 6.9 | EPSS 0.00242
Exploits 1 | References 1
Cvelist
added 2025/07/11 5:00 p.m., 10 views

CVE-2024-47065 Traceroute_APP responses are not rate-limited.

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...

CVSS 6.9 | EPSS 0.00242
Exploits 1 | References 1
OSV
added 2025/07/11 5:00 p.m., 7 views

CVE-2024-47065 Traceroute_APP responses are not rate-limited.

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...

CVSS 6.9 | AI score 6.7 | EPSS 0.00242
Exploits 1 | References 3
CVE
added 2025/07/11 5:00 p.m., 20 views

CVE-2024-47065

CVE-2024-47065 affects Meshtastic before version 2.5.1, where traceroute responses from remote nodes were not rate limited. This allows rapid, repeated responses (approximately 100 samples in ~2 minutes) and can enable a 2:1 reflected DoS, with positional confidentiality concerns highlighted as a...

CVSS 6.9 | AI score 7 | EPSS 0.00242
Exploits 1 | References 1 | Affected software 1
Packet Storm News
added 2025/06/20 12:00 a.m., 14 views

SAFEx: Analyzing Vulnerabilities of MoE-Based LLMs Via Stable Safety-Critical Expert Identification

Large language models based on Mixture-of-Experts have achieved substantial gains in efficiency and scalability, yet their architectural uniqueness introduces underexplored safety alignment challenges. Existing safety alignment strategies, predominantly designed for dense models, are ill-suited t...

AI score 7.4
Exploits 0