Lucene search
+L

17 matches found

nvd
nvd
added 2026/07/08 10:17 p.m.5 views

CVE-2026-55849

@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...

8.5CVSS0.0016EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/07/08 9:10 p.m.6 views

CVE-2026-55849

@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/06/12 7:59 p.m.32 views

CVE-2026-42850 Kitty has a shell command injection

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4CVSS0.00287EPSS
Exploits1References1
euvd
euvd
added 2026/05/21 9:27 a.m.13 views

EUVD-2026-31263

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

7.5CVSS6AI score0.00305EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/21 9:27 a.m.7 views

CVE-2026-45255

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

7.5CVSS6AI score0.00305EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/21 9:27 a.m.44 views

CVE-2026-45255 Remote code execution via installer Wi-Fi access point scans

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

0.00305EPSS
Exploits0References1
snyk
snyk
added 2026/04/02 9:32 p.m.13 views

Incomplete List of Disallowed Inputs

Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through the validateScriptFileForShellBleed process. An attacker can execute unauthorized script content by crafting piped, substituted, or...

5.4CVSS5.9AI score0.00303EPSS
Exploits0References2
osv
osv
added 2026/04/02 9:32 p.m.4 views

GHSA-RF75-G96H-J3RM Duplicate Advisory: OpenClaw's complex interpreter pipelines could skip exec script preflight validation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fvx6-pj3r-5q4q. This link is maintained to preserve external references. Original Description OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protecti...

5.4CVSS6.1AI score0.00303EPSS
Exploits0References4
github
github
added 2026/04/02 9:32 p.m.7 views

Duplicate Advisory: OpenClaw's complex interpreter pipelines could skip exec script preflight validation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fvx6-pj3r-5q4q. This link is maintained to preserve external references. Original Description OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protecti...

5.4CVSS6.1AI score0.00303EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/04/02 6:15 p.m.1 views

CVE-2026-34425

OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that allows attackers to execute blocked script content by using piped or complex command forms that the parser fails to recognize. Attackers can craft commands such as piped...

5.4CVSS6.1AI score0.00303EPSS
Exploits0References4
cve
cve
added 2026/04/02 6:15 p.m.29 views

CVE-2026-34425

OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass in the shell-bleed protection. The bypass lets attackers craft piped, subshell, or command-substitution forms that the parser fails to recognize, enabling execution of blocked script content that would otherwise be bl...

5.4CVSS6.1AI score0.00303EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/04/02 12:0 a.m.5 views

PT-2026-29868

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to commit 8aceaf5 Description OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass in shell-bleed protection. This allows attackers to execute blocked script content by using piped or complex...

5.4CVSS6.1AI score0.00303EPSS
Exploits0References9
githubexploit
githubexploit
added 2026/01/01 5:4 a.m.175 views

Exploit for CVE-2024-41997

Warp Terminal RCE CVE-2024-41997 Command injection via unsa...

6.6CVSS8.2AI score0.012EPSS
Exploits1
vulnrichment
vulnrichment
added 2018/08/15 8:0 p.m.13 views

CVE-2018-0428

A vulnerability in the account management subsystem of Cisco Web Security Appliance WSA could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access...

6.9AI score0.00436EPSS
Exploits0References3
cisco
cisco
added 2018/08/15 4:0 p.m.65 views

Cisco Web Security Appliance Privilege Escalation Vulnerability

A vulnerability in the account management subsystem of Cisco Web Security Appliance WSA could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access...

6.7CVSS2.8AI score0.00436EPSS
Exploits0References1
zdt
zdt
added 2015/01/29 12:0 a.m.49 views

FortiAuthenticator v300 build 0007 Multiple Vulnerabilities

Fortinet FortiAuthenticator suffers from subshell bypass, cross site scripting, password disclosure, and file disclosure vulnerabilities. Fortinet FortiAuthenticator Multiple Vulnerabilities Affected Versions: Verified on FortiAuthenticator v300 build 0007 +-------------+ | Description |...

7AI score0.01091EPSS
Exploits2
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.398 views

Aerohive Hive Manager and Hive OS Multiple Vulnerabilities

, , . '.' '. ', . , '. , .', , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Aerohive Hive Manager and Hive OS Multiple Vulnerabilities Affected Versions: Aerohive Hive Manager Stand-alone and Cloud = 6.1R3 and HiveOS 6.1R3 PDF:...

0.5AI score
Exploits0
Rows per page
Query Builder