
31222 matches found

NVD
added 2026/02/04 8:16 p.m., 8 views

CVE-2026-25143

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVSS 7.8, EPSS 0.00175
Exploits 0, References 2

NVD
added 2026/02/04 8:16 p.m., 8 views

CVE-2026-24844

melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in...

CVSS 8.8, EPSS 0.00176
Exploits 0, References 2

Github Security Blog
added 2026/02/04 8:6 p.m., 12 views

OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply

Summary: An unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. Impact: A local process on the same machine could execute arbitrary...

CVSS 8.4, AI score 5.8, EPSS 0.00639
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/02/04 7:55 p.m., 28 views

CVE-2026-25157 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

CVSS 7.7, EPSS 0.00935
Exploits 1, References 1

Vulnrichment
added 2026/02/04 7:55 p.m., 2 views

CVE-2026-25157 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

CVSS 7.7, AI score 5.9, EPSS 0.00935
Exploits 1, References 1

ATTACKERKB
added 2026/02/04 7:55 p.m., 6 views

CVE-2026-25157

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

CVSS 7.7, AI score 5.9, EPSS 0.00935
Exploits 1, References 2, Affected Software 1

EUVD
added 2026/02/04 7:55 p.m., 5 views

EUVD-2026-5362

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

CVSS 7.7, AI score 5.9, EPSS 0.00935
Exploits 1, References 1

Github Security Blog
added 2026/02/04 7:36 p.m., 8 views

n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node

Impact: When workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those remote systems potentially leading to remote code execution on those systems. As a...

CVSS 8.1, AI score 6.5, EPSS 0.01713
Exploits 0, References 5, Affected Software 1

OSV
added 2026/02/04 7:36 p.m., 4 views

GHSA-M82Q-59GV-MCR9 n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node

Impact: When workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those remote systems potentially leading to remote code execution on those systems. As a...

CVSS 7.1, AI score 6.5, EPSS 0.01713
Exploits 0, References 5

Vulnrichment
added 2026/02/04 7:32 p.m., 5 views

CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVSS 7.8, AI score 6, EPSS 0.00175
Exploits 0, References 2

EUVD
added 2026/02/04 7:32 p.m., 7 views

EUVD-2026-5371

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVSS 7.8, AI score 6, EPSS 0.00175
Exploits 0, References 2

ATTACKERKB
added 2026/02/04 7:32 p.m., 7 views

CVE-2026-25143

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVSS 7.8, AI score 6, EPSS 0.00175
Exploits 0, References 3, Affected Software 1

CVE
added 2026/02/04 7:32 p.m., 17 views

CVE-2026-25143

CVE-2026-25143 affects the melange build system. The built-in patch pipeline (pkg/build/pipelines/patch.yaml) accepts patch-related inputs and embeds them into shell scripts without proper quoting or validation, enabling shell metacharacters to escape the intended context. An attacker who can inf...

CVSS 7.8, AI score 6, EPSS 0.00175
Exploits 0, References 2, Affected Software 1

NVD
added 2026/02/04 5:16 p.m., 5 views

CVE-2026-25055

n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those...

CVSS 8.1, EPSS 0.01713
Exploits 0, References 1

CVE
added 2026/02/04 4:47 p.m., 17 views

CVE-2026-25055

CVE-2026-25055 affects the open source workflow platform n8n. The issue occurs when workflows process uploaded files and transfer them to remote servers via the SSH node without validating metadata, which can cause files to be written to unintended locations on the remote system and potentially e...

CVSS 8.1, AI score 6.4, EPSS 0.01713
Exploits 0, References 1, Affected Software 1

Cvelist
added 2026/02/04 4:47 p.m., 25 views

CVE-2026-25055 n8n Arbitrary File Write on Remote Systems via SSH Node

n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those...

CVSS 7.1, EPSS 0.01713
Exploits 0, References 1

GithubExploit
added 2026/02/04 2:13 p.m., 173 views

Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft

Detections for the CVE-2026-21509 vulnerability in MS Office...

CVSS 8.8, AI score 5.5, EPSS 0.96843
Exploits 49

RedhatCVE
added 2026/02/04 1:20 p.m., 6 views

CVE-2025-58381

A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait” to modify the path variables and move upwards in the directory structure or to traverse to different directories...

CVSS 4.6, AI score 5.5, EPSS 0.00179
Exploits 0, References 1

RedhatCVE
added 2026/02/04 1:20 p.m., 5 views

CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...

CVSS 8.2, AI score 5.4, EPSS 0.00198
Exploits 0, References 1

Ubuntu
added 2026/02/04 9:51 a.m., 9 views

USN-8011-1: Emacs vulnerabilities

It was discovered that Emacs could trigger unsafe Lisp macro expansion when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-53920) It was discovered that Emacs did not properly sanitize inp...

CVSS 8.8, AI score 6, EPSS 0.02679
Exploits 0