Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

EUVD
EUVDadded 2026/06/11 8:5 p.m.7 views

EUVD-2026-36312

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling...

8.8CVSS5.8AI score0.00419EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/06/11 12:0 a.m.10 views

PT-2026-48736

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description A shell option parsing issue allows combined POSIX shell flags to bypass exec revalidation checks. This enables attackers to execute inline shell content without the intended allowlist validatio...

8.8CVSS5.7AI score0.00419EPSS
Exploits0References6
EUVD
EUVDadded 2025/10/07 12:30 a.m.6 views

EUVD-2021-0530

Malware in sbrugna...

8.6CVSS8.6AI score0.01702EPSS
Exploits1References5
OSV
OSVadded 2025/01/10 7:16 p.m.12 views

BIT-NODE-2024-27980

Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...

8.1CVSS7.2AI score0.01387EPSS
Exploits0References6
AlpineLinux
AlpineLinuxadded 2024/09/07 4:0 p.m.39 views

CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

8.1CVSS7.5AI score0.01098EPSS
Exploits0
Huntr
Huntradded 2023/06/12 8:34 p.m.32 views

Desktop APP RCE via saveDraft IPC

🔒️ Requirements The user must load a malicious project. 📝 Description In version 20.3.3 commit 5383c20e947fd772668316e407edc5d5db4850db, the shell=true option is added to a spawn execution. This is really dangerous has it allows a malicious user to execute commands even from attributes. Example: j...

7.5CVSS7.1AI score0.01069EPSS
Exploits0
Github Security Blog
Github Security Blogadded 2021/02/05 8:43 p.m.120 views

Command injection in total.js

There is a command injection vulnerability that affects the package total.js before version 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using childprocess.spawn. The issue occurs because...

8.6CVSS8.8AI score0.01702EPSS
Exploits1References5Affected Software1
OSV
OSVadded 2021/02/02 11:15 a.m.17 views

CVE-2020-28494

This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using childprocess.spawn. The issue occurs because childprocess.spawn is called with the option shell set to true an...

8.6CVSS6.8AI score
Exploits0References2
Rows per page
Query Builder