CVE-2026-36045

CVE-2026-36045 affects picoclaw up to v0.1.2 (and earlier). The issue is an OS command injection in the ExecTool component (pkg/tools/shell.go) caused by an incomplete denylist in guardCommand() that attempts to restrict shell execution. The vulnerability description is consistently reported acro...

CVE-2026-36045

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

Auto Favicon MCP Server 代码问题漏洞

The Auto Favicon MCP Server is a tool developed by Yuey, a personal developer, for automatically generating website icons. The Auto Favicon MCP Server f189116a9259950c2393f114dbcb94dde0ad864b and previous versions have code vulnerabilities. These vulnerabilities stem from improper handling of the...

NVIDIA Megatron-LM Code Injection Vulnerability

NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that specializes in training large Transformer language models. NVIDIA Megatron-LM suffers from a code injection vulnerability that originates in a tool component and can be exploited by an attacker to modify the...

Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability

Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution...