8 matches found

NVD
added 2026/04/02 7:21 p.m., 3 views

CVE-2026-34425

OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that allows attackers to execute blocked script content by using piped or complex command forms that the parser fails to recognize. Attackers can craft commands such as piped...

CVSS 5.4, EPSS 0.00022
Exploits 0, References 3
CVE
added 2025/11/21 10:11 p.m., 13 views

CVE-2025-65946

Roo Code (AI-powered coding agent) had a validation error before version 3.26.7 that could cause it to automatically execute commands not on the allowed prefixes list. The issue has been patched in version 3.26.7. Affected CVE-2025-65946 entries from multiple feeds confirm the vulnerability and p...

CVSS 8.1, AI score 6.9, EPSS 0.00079
Exploits 0, References 3, Affected Software 1
OSV
added 2025/11/21 10:11 p.m., 3 views

CVE-2025-65946 Roo Code is Vulnerable to Potential Remote Code Execution via zsh Command Validation Bug

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, due to an error in validation, it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7...

CVSS 8.1, AI score 7.2, EPSS 0.00079
Exploits 0, References 5
Prion
added 2018/08/15 5:29 p.m., 32 views

Remote code execution

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10...

CVSS 9.3, AI score 9, EPSS 0.892
Exploits 0, References 3, Affected Software 2
Cvelist
added 2018/08/15 5:00 p.m., 28 views

CVE-2018-8414

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10...

AI score 9, EPSS 0.892
Exploits 0, References 3
Prion
added 2017/11/02 4:29 p.m., 11 views

Command injection

A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The...

CVSS 7.2, AI score 7.5, EPSS 0.4022
Exploits 3, References 3
Veracode
added 2017/05/22 1:29 a.m., 16 views

Arbitrary Command Execution

windows-cpu is vulnerable to arbitrary command execution. This is because the findLoad method doesn't sanitize or perform any validation before passing user input to the shell...

CVSS 9.8, AI score 9.4, EPSS 0.03342
Exploits 1, References 3, Affected Software 1
securityvulns
added 2001/09/06 12:00 a.m., 52 views

More problems in CGI

Insufficient checking of shell characters in user data when invoking an external command...

AI score 0.4
Exploits 0, References 2, Affected Software 1