Lucene search
+L

175 matches found

vulnrichment
vulnrichment
added yesterday9 views

CVE-2026-15809 Github.com/cri-o/cri-o: fix bypass for cve-2022-4318 — /etc/passwd injection via home env

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS6.1AI score
Exploits0References4
nvd
nvd
added 2026/06/18 8:16 p.m.14 views

CVE-2026-48980

pamusb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv environment variables XRDPSESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or...

6.3CVSS0.00127EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/18 7:26 p.m.21 views

CVE-2026-48980 pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic

pamusb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv environment variables XRDPSESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or...

6.3CVSS0.00127EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.18 views

PT-2026-50781

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description This software provides hardware authentication for Linux using removable media. A flaw exists where the getenv function allows environment variable injection into local-check logic via the XRDP...

6.3CVSS5.9AI score0.00127EPSS
Exploits0References8
nvd
nvd
added 2026/06/16 7:17 p.m.14 views

CVE-2026-53858

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATEDIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATEDIRECTORY variable to load runtime dependencies from unintended local paths, potentially...

7.1CVSS0.00124EPSS
Exploits0References2
nvd
nvd
added 2026/06/16 7:17 p.m.14 views

CVE-2026-53842

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDKPYTHON during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDKPYTHON variable to execute...

7.1CVSS0.00133EPSS
Exploits0References2
osv
osv
added 2026/06/16 6:4 p.m.4 views

CVE-2026-53842 OpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment Variable

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDKPYTHON during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDKPYTHON variable to execute...

7CVSS6.3AI score0.00133EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/16 12:0 a.m.21 views

PT-2026-49775

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An environment variable injection exists where the STATE DIRECTORY variable in a workspace .env file can influence bundled runtime dependency roots. This allows attackers to manipulate STATE...

7.1CVSS5.6AI score0.00124EPSS
Exploits0References5
cvelist
cvelist
added 2026/05/28 4:15 p.m.37 views

CVE-2026-44463 Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

8.6CVSS0.00232EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/05/28 4:15 p.m.8 views

CVE-2026-44463 Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References1
osv
osv
added 2026/05/28 4:15 p.m.3 views

CVE-2026-44463 Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

8.6CVSS6.2AI score0.00232EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/05/26 2:12 a.m.17 views

CVE-2026-44992

OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAXAPIHOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers...

5CVSS5.8AI score0.00119EPSS
Exploits0References1
euvd
euvd
added 2026/05/11 6:31 p.m.13 views

EUVD-2026-29137

OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAXAPIHOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers...

5CVSS5.8AI score0.00119EPSS
Exploits0References4
nvd
nvd
added 2026/05/11 6:16 p.m.18 views

CVE-2026-44992

OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAXAPIHOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers...

5CVSS0.00119EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/11 4:46 p.m.7 views

CVE-2026-44992

OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAXAPIHOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers...

5CVSS5.8AI score0.00119EPSS
Exploits0References4Affected Software1
vulnrichment
vulnrichment
added 2026/05/11 4:46 p.m.8 views

CVE-2026-44992 OpenClaw 2026.4.5 through 2026.4.19 - MiniMax API Host Override via Workspace dotenv

OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAXAPIHOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers...

5CVSS5.8AI score0.00119EPSS
Exploits0References3
osv
osv
added 2026/05/11 4:46 p.m.3 views

CVE-2026-44992 OpenClaw 2026.4.5 through 2026.4.19 - MiniMax API Host Override via Workspace dotenv

OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAXAPIHOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers...

4.1CVSS5.9AI score0.00119EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/05/11 12:0 a.m.27 views

PT-2026-39681

OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX API HOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization header...

5CVSS5.8AI score0.00119EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/05/11 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.4.5 to 2026.4.20 contained a security vulnerability. This vulnerability was caused by environmental variable injection, which could lead to the dotenv workspace overriding...

5CVSS5.8AI score0.00119EPSS
Exploits0References1
euvd
euvd
added 2026/05/09 7:29 p.m.10 views

EUVD-2026-28935

ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins...

9.3CVSS5.9AI score0.00404EPSS
Exploits1References1
Rows per page
Query Builder