5 matches found
Improper Privilege Management
OpenClaude is vulnerable to improper privilege management. The vulnerability is due to the dangerouslyDisableSandbox parameter being exposed in the BashTool input schema, which allows an attacker to use a prompt-injected LLM to disable the sandbox and execute arbitrary commands on the host system...
CVE-2026-34769
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Ap...
CVE-2026-34769
CVE-2026-34769 (Electron) affects Electron versions prior to 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8. An undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. When apps construct webPreferences from external or untrusted i...
Google Chrome 1.0.154.46 (ChromeHTML://) Parameter Injection PoC
Exploit for unknown platform in category remote exploits ================================================================ Google Chrome 1.0.154.46 ChromeHTML:// Parameter Injection PoC ================================================================ Try this:...
Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection
Try this: chromehtml:"%20--renderer-path="calc"%20--no-sandbox Disabling sandbox does matter : Tested with Google Chrome Chrome 1.0.154.46 on Win XP/Vista and IE6/IE7 and it works ... Full PoC: Chrome URI Handler Remote Command Execution PoC This is a test milw0rm.com 2009-01-30...