Vendor
high
advisory
Claude HUD Command Injection Vulnerability via COMSPEC Manipulation (CVE-2026-47092)
2 rules 1 TTP 1 CVE
Claude HUD through version 0.0.12 is vulnerable to command injection (CVE-2026-47092) allowing a local attacker to execute arbitrary commands on a Windows system by manipulating the COMSPEC environment variable; this vulnerability has been patched in commit 234d9aa.
Claude HUD
command-injection
vulnerability
windows
critical
advisory
GitBucket 4.23.1 Unauthenticated Remote Code Execution Vulnerability (CVE-2018-25332)
2 rules 2 TTPs 1 CVE
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability (CVE-2018-25332) allowing attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality via a malicious JAR plugin.
GitBucket 4.23.1
cve
rce
gitbucket
unauthenticated
high
advisory
OpenClaw Heredoc Shell Expansion Bypass (CVE-2026-44115)
2 rules 1 TTP 1 CVE
OpenClaw before 2026.4.22 is vulnerable to shell expansion in unquoted heredoc bodies, allowing attackers to bypass exec allowlist validation and execute unauthorized commands.
OpenClaw
cve-2026-44115
shell-expansion
heredoc
allowlist-bypass
incomplete-list-of-disallowed-inputs