Lucene search
K

965 matches found

CVE
CVE
added 2026/05/11 6:45 p.m.21 views

CVE-2026-8319

The CVE-2026-8319 entry affects aiwaves-cn agents, specifically the component cheshire_cat_core and the function recall_relevant_memories_to_working_memory in stray_cat.py. The issue is described as causing resource consumption and is exploitable remotely, with a publicly available exploit. Becau...

6.9CVSS5.7AI score0.0038EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.11 views

Duplicate Advisory: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r39h-4c2p-3jxp. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver tha...

8.4CVSS6.4AI score0.00144EPSS
Exploits0References5Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/11 12:0 a.m.14 views

Malicious code in briantreehttp (npm)

briantreehttp is a typosquatting package impersonating braintreehttp, the HTTP client library published by Braintree/PayPal. The package bundles the legitimate library source to appear functional while hiding a credential-theft payload in index1.js, which is executed at install time via the...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/09 2:0 a.m.9 views

CVE-2026-43472

A flaw was found in the Linux kernel's unshare system call. A local user, when attempting to create new namespaces with specific flags, could encounter a scenario where the process's current working directory and root directory pointers become detached. This occurs if the cgroup namespace creatio...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/05 9:15 p.m.11 views

@evomap/evolver: Path Traversal in `evolver fetch` default-branch `safeId` allows Hub-controlled overwrite of project files (RCE)

Summary The evolver fetch subcommand in index.js writes Hub-supplied bundledfiles into a directory derived from a Hub-supplied skillid. When --out is not used, the path-sanitizing regex permits . characters, allowing a skillid of .. to escape the skills/ subdirectory and resolve to the user's...

6.4AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/05 9:15 p.m.4 views

GHSA-CFCJ-HQPF-HCCF @evomap/evolver: Path Traversal in `evolver fetch` default-branch `safeId` allows Hub-controlled overwrite of project files (RCE)

Summary The evolver fetch subcommand in index.js writes Hub-supplied bundledfiles into a directory derived from a Hub-supplied skillid. When --out is not used, the path-sanitizing regex permits . characters, allowing a skillid of .. to escape the skills/ subdirectory and resolve to the user's...

8.8CVSS6.4AI score
Exploits0References2
OSV
OSV
added 2026/05/05 6:43 p.m.13 views

GHSA-R39H-4C2P-3JXP OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

Summary OpenClaw's bundled plugin setup resolver could fall back to process.cwd while resolving provider setup metadata. If a user ran an OpenClaw command from an attacker-controlled repository containing extensions//setup-api.js, OpenClaw could load and execute that JavaScript during ordinary...

7.8CVSS6.4AI score0.00144EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/05/05 6:43 p.m.8 views

NPM: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

NPM: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.23...

6.3AI score
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities were caused by path traversal in the outPath parameter of the screenrecord tool. By bypassing the file system...

7.1CVSS5.8AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/29 8:48 p.m.5 views

CVE-2026-7316

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...

7.5CVSS7AI score0.01334EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 10:16 p.m.6 views

CVE-2026-7316

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...

7.5CVSS0.01334EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 8:15 p.m.6 views

EUVD-2026-26153

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...

7.5CVSS7AI score0.01334EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/28 8:15 p.m.32 views

CVE-2026-7316 eiliyaabedini aider-mcp code_with_ai aider_mcp.py command injection

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...

7.5CVSS0.01334EPSS
Exploits0References5
CVE
CVE
added 2026/04/28 8:15 p.m.10 views

CVE-2026-7316

CVE-2026-7316 affects the eiliyaabedini aider-mcp project (up to commit 667b914301aada695aab0e46d1fb3a7d5e32c8af), specifically the code_with_ai component and the aider_mcp.py file. The vulnerability arises from manipulation of the working_dir/editable_files argument, enabling a command injection...

7.5CVSS7AI score0.01334EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.9 views

MyMCP 注入漏洞

MyMCP is a tool developed by Eiliya’s individual developer, capable of executing multiple AI coding tasks simultaneously. MyMCP has a vulnerability that stems from an unknown function parameter in the codewithai component, specifically the operation workingdir/editablefiles. This operation leads ...

7.5CVSS7.1AI score0.01334EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.6 views

PT-2026-35829

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider mcp.py of the component code with ai. The manipulation of the argument working dir/editable files leads to command injection. The attack may ...

7.5CVSS7AI score0.01334EPSS
Exploits0References6
OSV
OSV
added 2026/04/22 6:31 p.m.5 views

GHSA-2CXP-XQ3C-MJXX Duplicate Advisory: uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2w8r-9xj7-69j5. This link is maintained to preserve external references. Original Description The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU...

3.3CVSS5.8AI score0.00133EPSS
Exploits0References5
NVD
NVD
added 2026/04/22 5:16 p.m.7 views

CVE-2026-35342

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

3.3CVSS0.00133EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:7 p.m.5 views

CVE-2026-35342

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

3.3CVSS5.7AI score0.00133EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/20 11:8 p.m.35 views

CVE-2026-41294 OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File

OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment...

8.6CVSS0.0013EPSS
Exploits0References2
Rows per page
Query Builder