Lucene search
K

280447 matches found

NVD
NVD
added 4 hours ago6 views

CVE-2026-15193

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...

5.3CVSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 4 hours ago3 views

Malicious code in qlinforge (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8952681c2680f17702d34d053b0af1af1ff8e27a18338b3e84cad5de7e661919 During installation, the package downloads and executes suspicious executables as well as establishes persistence using PTH files. --- Category: MALICIOUS - Th...

6.2AI score
Exploits0References3
The Hacker News
The Hacker News
added 4 hours ago3 views

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens GATs designed to bypass two-factor authentication 2FA. The Microsoft-owned subsidiary noted that the following npm install behaviors that used to r...

6.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 4 hours ago3 views

CVE-2026-15193

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...

5.3CVSS5.5AI score
Exploits0References7Affected Software1
Cvelist
Cvelist
added 4 hours ago5 views

CVE-2026-15193 AidanPark openclaw-android Android WebView Bridge JsBridge.kt os command injection

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...

5.3CVSS
Exploits0References7
Vulnrichment
Vulnrichment
added 4 hours ago4 views

CVE-2026-15193 AidanPark openclaw-android Android WebView Bridge JsBridge.kt os command injection

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...

5.3CVSS5.7AI score
Exploits0References7
CVE
CVE
added 4 hours ago7 views

CVE-2026-15193

CVE-2026-15193 affects AidanPark openclaw-android up to 0.4.0. The issue resides in Android WebView Bridge's JsBridge.kt (unknown function) and enables OS command injection via local access. Publicly disclosed exploit details exist, and a fix is awaiting acceptance in a pull request. Remediation ...

5.3CVSS5.7AI score
Exploits0References7
EUVD
EUVD
added 4 hours ago4 views

EUVD-2026-42626

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...

5.3CVSS5.7AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 4 hours ago2 views

Malicious code in nonenull1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7b1ed48fcae410e28bdade3bf5a715b8c4b1390e43591f8263964d8ee302b43 On npm install, [email protected] auto-executes a credential stealer via node-gyp. package.json sets gypfile: true, and the shipped binding.gyp declare...

5.9AI score
Exploits0References4
GithubExploit
GithubExploit
added 5 hours ago15 views

Payload

🇹🇩 TCHAD PAYLOAD - Outil Interactif Éducatif Créé par la co...

5.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 5 hours ago3 views

CVE-2026-58459

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

8.4CVSS6.3AI score
Exploits0References6
CVE
CVE
added 5 hours ago5 views

CVE-2026-58459

gpsd (through release-3.27.5) contains a command-injection in gpsprof when processing the GPS device subtype value. The subtype is written into a generated gnuplot program via a set title statement with only quotes escaped, enabling arbitrary shell commands to execute as the user running gnuplot ...

8.4CVSS6.3AI score
Exploits0References5
Cvelist
Cvelist
added 5 hours ago5 views

CVE-2026-58459 gpsd gpsprof Command Injection via gnuplot plot title subtype field

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

8.4CVSS
Exploits0References5
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42622

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

8.4CVSS6.3AI score
Exploits0References5
GithubExploit
GithubExploit
added 5 hours ago14 views

Exploit for Code Injection in Xwiki

XWiki SolrSearch Unauthenticated RCE CVE-2025-24893 ---...

9.8CVSS5.9AI score0.99898EPSS
Exploits51
OSSF Malicious Packages
OSSF Malicious Packages
added 5 hours ago2 views

Malicious code in multer-orm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 489805f0242c070653fa4e09c782d8135971a370b3ae292d31d721507332a12f Package name impersonates the popular multer middleware and copies its README/repo metadata. On require'multer-orm', index.js loads lib/feature.js,...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 hours ago3 views

Malicious code in chunk-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ffcc87316488b883c382ff45dd16c0bccb3cba432351f0716f239f81be79017 The package advertises itself as a 'Pure Node.js chunk parser platform' but its shipped code is a full remote-access trojan under internal identifier...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 hours ago2 views

Malicious code in cursed-ecto-d3ab00 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49348969de68b56d680a46f67f817053621fa41a5220d8cd0bc1da720e77a5a1 The package has no legitimate functionality index.js is an empty module and exists solely to run an install-time attack payload. All four lifecycle...

6AI score
Exploits0References4
Wordfence Blog
Wordfence Blog
added 5 hours ago4 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 29, 2026 to July 5, 2026)

Last week, there were 246 vulnerabilities disclosed in 179 WordPress Plugins and 40 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 100 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabiliti...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 6 hours ago4 views

netty-codec-redis: Netty: Command injection via CRLF characters in Redis codec encoder

A flaw was found in Netty, an asynchronous, event-driven network application framework. The Netty Redis codec encoder RedisEncoder does not properly validate or sanitize user-controlled string content for CRLF Carriage Return Line Feed characters. A remote attacker, by controlling the content of ...

7.1CVSS6.7AI score0.00198EPSS
Exploits1References5
Rows per page
Query Builder