GHSA-F8MP-VJ46-CQ8V OpenClaw's shell env fallback trusts unvalidated SHELL path from host environment

The shell environment fallback path could invoke an attacker-controlled shell when SHELL was inherited from an untrusted host environment. In affected builds, shell-env loading used $SHELL -l -c 'env -0' without validating that SHELL points to a trusted executable. In threat-model terms, this...

EUVD-2025-30890

Malicious code in bioql PyPI...

CVE-2025-9844

Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.This issue affects Salesforce CLI: before 2.106.6...

Uncontrolled Search Path Element

Overview @salesforce/cli is a The Salesforce CLI Affected versions of this package are vulnerable to Uncontrolled Search Path Element via the Replace Trusted Executable feature. An attacker can execute arbitrary code by placing a malicious executable in a directory that is searched before the...

CVE-2025-9844

Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.This issue affects Salesforce CLI: before 2.106.6...

CVE-2025-9844

Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.This issue affects Salesforce CLI: before 2.106.6...

CVE-2025-9844

CVE-2025-9844 (Salesforce CLI on Windows) Affected software: Salesforce CLI (Salesforce) on Windows.Root cause: Uncontrolled Search Path Element that can lead to replacement of a trusted executable.Impact: Potential code execution through replacing a trusted executable; CVSS v3.1 base score 8.8 (...

PT-2025-39170

Name of the Vulnerable Software and Affected Versions Salesforce CLI versions prior to 2.106.6 Description A flaw exists in the Salesforce CLI on Windows that allows for malicious DLL injection due to an uncontrolled search path element. This can lead to the replacement of trusted executables...

CVE-2024-0949

CVE-2024-0949 affects Talya Informatics’ Elektraweb prior to 17.0.68. The issue is described as Missing Authentication and Use of Hard-coded Credentials that enables Authentication Bypass due to improper access control, potentially exposing files/directories externally and impacting confidentiali...

CVE-2023-40252

Improper Control of Generation of Code 'Code Injection' vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from...

Code injection

Improper Control of Generation of Code 'Code Injection' vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from...

CVE-2023-40252

The CVE-2023-40252 issue is an improper control of generation of code vulnerability in Genian NAC products (V4.0 from 4.0.0 to 4.0.155; V5.0 from 5.0.0 to 5.0.42; Suite V5.0 from 5.0.0 to 5.0.54; ZTNA from 6.0.0 to 6.0.15). The root cause is Code Injection that allows Replace Trusted Executable, ...

CVE-2023-40252

Improper Control of Generation of Code 'Code Injection' vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from...