Shadow

7 exploits Active since Apr 1999
CVE-2026-32063 WRITEUP HIGH WRITEUP
OpenClaw <2026.2.21 - Command Injection
OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary systemd directives. An attacker who can influence config.env.vars and trigger service install or restart can execute arbitrary commands with the privileges of the OpenClaw gateway service user.
CVSS 7.1
EIP-2026-113184 EXPLOITDB text WRITEUP
Waverider Systems Perlshop - Multiple Input Validation Vulnerabilities
EIP-2026-103830 EXPLOITDB perl WORKING POC
2^6 TCP Control Bit - Fuzzer (No ECN or CWR)
EIP-2026-103449 EXPLOITDB perl WORKING POC
DNS Recursion Bandwidth Amplification - Denial of Service (PoC)
CVE-1999-0491 EXPLOITDB text WORKING POC
GNU Bash < 2.04 - Code Injection
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
CVE-2001-0169 EXPLOITDB WORKING POC
glibc - Local Privilege Escalation
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
EIP-2026-100873 EXPLOITDB text WRITEUP
Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection