EUVD-2026-13016

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

CVE-2026-29608

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

CVE-2026-29608

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

EUVD-2020-25347

Malware in sbrugna...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uncalled rcubarrier, which could lead to the execution of unintended code when a module is uninstalled...

CVE-2025-55346 Unintended dynamic code execution leads to remote code execution by network attackers

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...

EulerOS 2.0 SP11 : perl (EulerOS-SA-2025-1938)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread...

webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash

A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to program to a crash. This issue occurs because code execution is not discarded as consequence...

Remote Code Execution (RCE)

.NET is vulnerable to Remote Code Execution RCE. The vulnerability is due to insecure file handling due to the ability of an attacker to place files in specific locations that can trigger execution of unintended code...

CVE-2021-37326

NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations...

CVE-2020-4100

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...

Arbitrary Code Execution

Apache Airflow is vulnerable to Arbitrary Code Execution. The vulnerability is due to DAG authors being able to add local settings to the DAG folder, which are then executed by the scheduler, allowing unintended code execution...

Uncontrolled Search Path Element in sharkdp/bat

bat on windows before 0.18.2 executes programs named less.exe from the current working directory. This can lead to unintended code execution...

CVE-2021-37326

NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations...

CVE-2021-37326

NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations...

Code injection

NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations...

Uncontrolled Search Path Element in sharkdp/bat

bat on windows before 0.18.2 executes programs named less.exe from the current working directory. This can lead to unintended code execution...

GHSA-CR67-78JR-J94P Local File Inclusion in domokeeper

All versions of domokeeper are vulnerable to Local File Inclusion. The /plugin/ route passes a GET parameter unsanitized to a require call. It then returns the output of require in the server response. This may allow attackers to load unintended code in the application. It also allows attackers t...

CVE-2020-4100

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...

Design/Logic Flaw

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...