Lucene search
K

75 matches found

Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-33646 mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not...

9.6CVSS0.00685EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/11 4:39 a.m.52 views

claude-code-f002-poc

F002: Supply Chain Attack via Non-Interactive Workspace Trust...

6AI score
Exploits0
NVD
NVD
added 2026/05/14 5:16 p.m.36 views

CVE-2026-44513

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS0.00865EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/05/13 2:15 a.m.16 views

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

8.8CVSS6AI score0.00658EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/12 11:25 p.m.14 views

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

8.8CVSS6AI score0.00658EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/12 11:22 p.m.12 views

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

8.8CVSS6AI score0.00658EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/11 6:39 p.m.11 views

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

9CVSS6AI score0.00658EPSS
Exploits0References8
CVE
CVE
added 2026/05/05 8:52 p.m.26 views

CVE-2026-40068

CVE-2026-40068 affects Claude Code versions 2.1.63–2.1.83. The vulnerability arises from trusting the git worktree commondir file without validating its contents, allowing a crafted repository to point to a previously trusted path. This could bypass the trust dialog and cause immediate execution ...

8.8CVSS5.8AI score0.00281EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/05 8:52 p.m.29 views

EUVD-2026-27502

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...

7.7CVSS5.8AI score0.00281EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 8:52 p.m.9 views

CVE-2026-40068

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...

7.7CVSS5.8AI score0.00281EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/05 12:16 p.m.25 views

CVE-2026-43571

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...

8.8CVSS0.00386EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/05 11:25 a.m.7 views

CVE-2026-43571 OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:25 a.m.4 views

CVE-2026-43571

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/05 11:25 a.m.36 views

CVE-2026-43571 OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...

8.8CVSS0.00386EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 11:25 a.m.16 views

CVE-2026-43571

OpenClaw prior to version 2026.4.10 contains a vulnerability where channel setup catalog lookups can resolve workspace plugin shadows before bundled channel plugins, effectively bypassing plugin trust gates during setup-time loading. This trust bypass is due to how workspace plugins are resolved,...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/05 11:25 a.m.6 views

EUVD-2026-27293

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from bypassing plugin trust mechanisms, allowing attackers to circumvent the expected trust levels when...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/04 7:8 p.m.13 views

Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots

Summary Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man in the middle attack as they won't be able to authenticated with the real OVN...

4.8CVSS5.8AI score0.00173EPSS
Exploits1References7Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/24 2:38 a.m.7 views

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

9CVSS6AI score0.00658EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.13 views

PT-2026-37099

Name of the Vulnerable Software and Affected Versions Claude Code versions 2.1.63 through 2.1.83 Description The folder trust determination logic fails to validate the contents of the git worktree commondir file. An attacker can craft a malicious repository with a commondir file pointing to a pat...

7.7CVSS5.9AI score0.00281EPSS
Exploits0References7
Rows per page
Query Builder