69 matches found
CVE-2026-42435
OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...
EUVD-2026-27253
OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...
GHSA-J6C7-3H5X-99G9 OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms
Summary Shell-wrapper detection missed env-argv assignment injection forms. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.22 = 2026.4.12 Impact Exec preflight handling missed shell-wrapper and argv-level environment assignment forms that could...
OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)
Summary system.run allowed SHELLOPTS + PS4 environment injection to trigger command substitution during bash -lc xtrace expansion before the allowlisted command body executed. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.21-2 includes latest published npm version at...
Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the system.run shell-wrapper. An attacker can execute arbitrary shell commands outside the intended allowlisted command body by injecting SHELLOPTS and PS4 environme...
EUVD-2005-2959
Malware in sbrugna...
EUVD-2016-8396
Malware in sbrugna...
EUVD-2022-42734
Malicious code in bioql PyPI...
RHEL 5 : bash (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution (CVE-2016-7543) - The expansion...
RHEL 5 : bash (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution (CVE-2016-7543) - bash: when...
PlayStation: Remote vulnerabilities in spp
A vulnerability was discovered in the spp PPPoE implementation on the PS4/PS5. The vulnerability could allow a malicious PPPoE server to cause a heap buffer overwrite and overread, potentially leading to denial-of-service or remote code execution in kernel context. The vulnerability was caused by...
K73705133: Bash vulnerability CVE-2016-7543
Security Advisory Description Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. CVE-2016-7543 Impact BIG-IP, F5 iWorkflow, BIG-IQ, and Enterprise Manager Impact is minimal for BIG-IP, iWorkflow, BIG-IQ, and...
SUSE CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...
CVE-2022-3349
A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is possible to launch the attack on the physical...
Heap overflow
A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is possible to launch the attack on the physical...
CVE-2022-3349
Summary: CVE-2022-3349 affects Sony PS4/PS5 in the exFAT Handler, specifically the UVFAT_readupcasetable function. The vulnerability stems from manipulating the dataLength argument, leading to a heap-based buffer overflow that can be triggered on a physical device. Impact & scope (as reported): H...
CVE-2022-3349 Sony PS4/PS5 exFAT UVFAT_readupcasetable heap-based overflow
A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is possible to launch the attack on the physical...
MAL-2022-3170 Malicious code in free-fortnite-skins-ps4-no-human-verification (npm)
Source: ghsa-malware 47dabe9edbe66391158b308d2ddc0c795a4750cafced417b91cccdd7f0a675ea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3193 Malicious code in free-robux-codes-ps4 (npm)
Source: ghsa-malware c374a1fd80964999fbfc9540c94b65b6af2c5ad7706320fbcf5e15afb8d972b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3182 Malicious code in free-primogems-app-ps4 (npm)
Source: ghsa-malware 315fe9b72afef6098f4014beda253903e686ede71ed3b40dab42e3e7f577f0f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...