
407 matches found

OSV, added 2026/03/03 10:09 p.m., 2 views

GHSA-W9CG-V44M-4QV8 OpenClaw affected by BASH_ENV / ENV startup-file injection into spawned shell commands

Summary: BASH_ENV / ENV startup-file injection could lead to unintended pre-command shell execution when attacker-controlled environment values were admitted and then inherited by host command execution paths. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.19-2 - Fixed on...

CVSS 7.3, AI score 6.2
Exploits: 0, References: 3
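Worked example, added here as an illustration and not OpenClaw's own code: the hardening the GHSA-W9CG-V44M-4QV8 entry above calls for. When a host spawns a shell with an environment that includes attacker-controlled values, `BASH_ENV` (read by non-interactive bash) and `ENV` (honoured the same way by several sh implementations) name a file the shell sources before the requested command runs, so the fix is to never let them through. The function below builds the child environment from a fixed base plus an allow-listed subset of the requested variables, never from `process.env`. `buildChildEnv`, the base values and the hook names beyond `BASH_ENV`/`ENV` are assumptions for this example.

```javascript
// Added example (not OpenClaw's code): build a child environment that cannot
// carry shell startup-file hooks. Names and the base environment are assumptions.

// Variables a shell reads before running the requested command. BASH_ENV and
// ENV are the two named in the advisory; the rest are other well-known
// pre-exec hooks added for completeness (assumption: the spawned shell is
// bash/sh on Linux, which is where these apply).
const STARTUP_HOOKS = new Set([
  'BASH_ENV', 'ENV', 'PROMPT_COMMAND', 'SHELLOPTS', 'BASHOPTS',
  'LD_PRELOAD', 'LD_LIBRARY_PATH', 'LD_AUDIT',
]);

// Keys that user input may set: upper-case identifier form only.
const SAFE_KEY = /^[A-Z][A-Z0-9_]{0,63}$/;

// Values are plain strings: no NUL (the OS rejects it anyway) and no line
// breaks (keeps them out of any line-oriented file the value is written to).
const SAFE_VALUE = /^[^\0\n\r]*$/;

const BASE_ENV = Object.freeze({ PATH: '/usr/bin:/bin', HOME: '/tmp', LANG: 'C.UTF-8' });

// Returns { env, rejected }. `env` is a fresh object built from BASE_ENV plus
// the admitted keys; it is never derived from process.env, so nothing from the
// parent leaks through by inheritance. Keys in BASE_ENV cannot be overridden
// (PATH in particular), and startup hooks are refused whatever their value.
function buildChildEnv(requestedEnv, base = BASE_ENV) {
  const env = { ...base };
  const rejected = [];
  for (const [key, value] of Object.entries(requestedEnv ?? {})) {
    const ok = SAFE_KEY.test(key)
      && !STARTUP_HOOKS.has(key)
      && !(key in base)
      && typeof value === 'string'
      && SAFE_VALUE.test(value);
    if (ok) env[key] = value; else rejected.push(key);
  }
  return { env, rejected };
}

// Constructed request mixing one legitimate variable with two injection attempts.
const { env, rejected } = buildChildEnv({
  BASH_ENV: '/tmp/attacker.sh',          // would be sourced by every non-interactive bash
  PATH: '/tmp/attacker/bin:/usr/bin',    // PATH hijack of the command about to run
  BUILD_ID: '42',
});
console.log('child env:', env);
console.log('rejected :', rejected);
// spawn('bash', ['-c', command], { env }) with this `env` is the intended call site.
```

The example stops at building the environment so it runs without bash installed; the point is that the object handed to `spawn()` is constructed, not inherited.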
OSV, added 2026/03/03 9:19 p.m., 7 views

GHSA-H3RM-6X7G-882F OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts

Summary: In [email protected], node system.run approval-path hardening rewrote wrapper command argv in a way that changed execution semantics. A command shown/approved as a shell payload, for example echo SAFE, could execute a different local script when wrapper argv were rewritten. Affected Package...

CVSS 6.7, AI score 6.1, EPSS 0.0013
Exploits: 0, References: 5
CNNVD, added 2026/02/27 12:00 a.m., 6 views

Vim security vulnerability

Vim is an open-source, cross-platform text editor developed by the Vim developers. Versions of Vim prior to 9.2.0073 contain an operating system command injection vulnerability in the netrw plugin. This could allow...

CVSS 7.8, AI score 6.9, EPSS 0.01162
Exploits: 0, References: 6
Github Security Blog, added 2026/02/25 6:09 p.m., 10 views

OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()

Summary: An OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Details: The vulnerability exists in...

CVSS 9.9, AI score 6.5, EPSS 0.01729
Exploits: 1, References: 4, Affected software: 1
OSV, added 2026/02/25 6:09 p.m., 4 views

GHSA-JMHP-5558-QXH5 OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()

Summary: An OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Details: The vulnerability exists in...

CVSS 9.9, AI score 6.6, EPSS 0.01729
Exploits: 1, References: 4
CVE, added 2026/02/24 5:14 p.m., 15 views

CVE-2026-25603

The CVE-2026-25603 issue is a path traversal vulnerability in Linksys MR9600 and MX4200. Affected products and versions are MR9600 1.0.4.205530 and MX4200 1.0.13.210200. The underlying flaw is improper limitation of a pathname to a restricted directory, allowing contents of a USB drive partition ...

CVSS 6.6, AI score 5.7, EPSS 0.00256
Exploits: 1, References: 1, Affected software: 1
Positive Technologies, added 2026/02/24 12:00 a.m., 6 views

PT-2026-21778

Name of the Vulnerable Software and Affected Versions: Linksys MR9600 version 1.0.4.205530; Linksys MX4200 version 1.0.13.210200. Description: A path traversal issue exists in Linksys MR9600 and MX4200 devices. This allows the contents of a USB drive partition to be mounted in an arbitrary location...

CVSS 6.6, AI score 5.4, EPSS 0.00256
Exploits: 1, References: 4
OSV, added 2026/02/23 9:19 p.m., 5 views

CVE-2025-70328

TOTOLINK X6000R v9.4.0cu.1498B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The hosttime parameter is retrieved via sub40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the...

CVSS 8.8, AI score 6.1
Exploits: 0, References: 2
Packet Storm, added 2026/02/13 12:00 a.m., 121 views

Xerte Online Toolkits 3.14 Import Language Shell Upload

This Metasploit module exploits an authentication bypass allowing arbitrary file upload in Xerte Online Toolkits versions 3.14 and earlier to upload and execute a shell. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score 5.8
Exploits: 0
Packet Storm, added 2026/02/13 12:00 a.m., 159 views

Xerte Online Toolkits 3.14 Template Import Shell Upload

This Metasploit module exploits an authentication bypass allowing arbitrary file upload in Xerte Online Toolkits versions 3.14 and earlier to upload and execute a shell. Specifically, this targets /websitecode/php/import/import.php. Note: this Metasploit module results in directories being create...

AI score 5.8
Exploits: 0
Packet Storm, added 2026/02/13 12:00 a.m., 125 views

Xerte Online Toolkits 3.14 Upload Image Shell Upload

This Metasploit module exploits an unrestricted file upload in the user template file import functions of Xerte Online Toolkits versions 3.14 and earlier to upload and execute a shell. This targets editor/uploadImage.php. This has only been tested in implementations where the authentication type is Db...

AI score 5.6
Exploits: 0
Snyk, added 2026/02/12 10:27 p.m., 4 views

Arbitrary Command Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...

CVSS 9.9, AI score 6, EPSS 0.0327
Exploits: 1, References: 2
ATTACKERKB, added 2026/02/12 7:57 p.m., 4 views

CVE-2026-25933

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

CVSS 6.8, AI score 5.4, EPSS 0.00151
Exploits: 0, References: 3, Affected software: 1
ATTACKERKB, added 2026/02/11 9:25 p.m., 4 views

CVE-2026-26029

sf-mcp-server is an implementation of a Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...

CVSS 7.5, AI score 6, EPSS 0.00911
Exploits: 0, References: 3, Affected software: 1
Vulnrichment, added 2026/02/04 7:32 p.m., 5 views

CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVSS 7.8, AI score 6, EPSS 0.00175
Exploits: 0, References: 2
CVE, added 2026/02/04 7:32 p.m., 11 views

CVE-2026-25143

CVE-2026-25143 affects the melange build system. The built-in patch pipeline (pkg/build/pipelines/patch.yaml) accepts patch-related inputs and embeds them into shell scripts without proper quoting or validation, enabling shell metacharacters to escape the intended context. An attacker who can inf...

CVSS 7.8, AI score 6, EPSS 0.00175
Exploits: 0, References: 2, Affected software: 1
OSV, added 2026/02/04 12:09 a.m., 2 views

GHSA-RF4G-89H5-CRCR melange affected by potential host command execution via license-check YAML mode patch pipeline

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values (series paths, patch filenames, and numeric parameters) into shell scripts without proper quoting or...

CVSS 7.8, AI score 6, EPSS 0.00175
Exploits: 0, References: 4
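Worked example, added here and not melange's or the tmux tool's code: the quoting that the three melange entries (inputs embedded into a shell script in pkg/build/pipelines/patch.yaml) and the Snyk tmux entry (agent metadata interpolated into a `/bin/sh -c` string) both lack. When a value has to go into shell text rather than an argv array, wrapping it in single quotes with the only special character (`'`) escaped makes it inert, and a numeric parameter such as a `-p` strip count is validated as an integer instead of quoted. The template, the field names and the function names are assumptions for this example.

```javascript
// Added example (not melange's or the tmux tool's code): quote or validate
// untrusted values before rendering them into shell text. Names are assumptions.

// Inside POSIX single quotes every character is literal except the closing
// quote, so an embedded quote is written as: close quote, escaped quote, reopen.
function shellQuote(value) {
  if (typeof value !== 'string') throw new TypeError('shellQuote expects a string');
  if (value.includes('\0')) throw new Error('NUL byte cannot be passed to a shell');
  return `'${value.replace(/'/g, `'\\''`)}'`;
}

// A value glued to a flag (patch -p<n>) must be a number. Quoting would only
// protect the argument boundary; a non-numeric strip value would still reach
// patch, so it is validated and the validated text is used as-is.
function shellInt(value) {
  const s = String(value);
  if (!/^(0|[1-9][0-9]{0,3})$/.test(s)) {
    throw new Error(`expected a small non-negative integer, got ${JSON.stringify(s)}`);
  }
  return s;
}

// The vulnerable shape the advisories describe: raw interpolation into a
// script that the build host's shell will run.
function renderPatchStepUnsafe({ seriesPath, patchFile, strip }) {
  return `cd ${seriesPath} && patch -p${strip} < ${patchFile}`;
}

// The hardened shape: every interpolated value is quoted or validated.
function renderPatchStep({ seriesPath, patchFile, strip }) {
  return `cd ${shellQuote(seriesPath)} && patch -p${shellInt(strip)} < ${shellQuote(patchFile)}`;
}

// Constructed input with a metacharacter payload in each string field.
const hostile = { seriesPath: 'series; touch /tmp/pwned', patchFile: "$(id)'.patch", strip: 1 };
console.log('unsafe   :', renderPatchStepUnsafe(hostile));
console.log('hardened :', renderPatchStep(hostile));
```

The hardened line is still a shell script, which is why the numeric field needs its own validator: quoting solves word splitting and metacharacters, not the meaning of an argument once it reaches the program.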
Github Security Blog, added 2026/02/02 6:10 p.m., 8 views

Signal K set-system-time plugin vulnerable to RCE - Command Injection

Summary: A Command Injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated users can also exploit this vulnerability if security is disabled on the Signal K...

CVSS 9.9, AI score 6.4, EPSS 0.04163
Exploits: 1, References: 4, Affected software: 1