20807 matches found

Positive Technologies
added 2026/03/04 12:0 a.m., 3 views

PT-2026-23044

Name of the Vulnerable Software and Affected Versions: OpenDeck versions prior to 2.8.1. Description: OpenDeck is Linux software for the Elgato Stream Deck. The service listening on port 57118 serves static files for installed plugins without proper path sanitization. An attacker can use '../'...

CVSS 5.9, AI score 6.1, EPSS 0.00431
Exploits: 1, References: 6

Positive Technologies
added 2026/03/04 12:0 a.m., 6 views

PT-2026-23059

Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.54.4. Description: A Zip Slip vulnerability exists in the backup restore functionality, allowing arbitrary file overwrite via path traversal in uploaded ZIP archives. The application uses zipfile.extractall...

CVSS 9.3, AI score 5.9, EPSS 0.00527
Exploits: 1, References: 11

Tenable Nessus
added 2026/03/04 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005627)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005627 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported 0 memory leak...

CVSS 5.5, AI score 5.9, EPSS 0.00145
Exploits: 0, References: 4

OSV
added 2026/03/03 8:2 p.m., 2 views

GHSA-9J26-99JH-V26Q WWBN AVideo is vulnerable to unauthenticated OS Command Injection via base64Url in objects/getImage.php

Impact: An unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration secrets, internal keys, credentials, and service disruption...

CVSS 9.8, AI score 6.4, EPSS 0.02132
Exploits: 2, References: 3

Github Security Blog
added 2026/03/03 8:2 p.m., 5 views

WWBN AVideo is vulnerable to unauthenticated OS Command Injection via base64Url in objects/getImage.php

Impact: An unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration secrets, internal keys, credentials, and service disruption...

CVSS 9.8, AI score 6.4, EPSS 0.02132
Exploits: 2, References: 3, Affected Software: 1

Snyk
added 2026/03/03 7:58 p.m., 2 views

Directory Traversal

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Directory Traversal via stageSandboxMedia when iMessage remote attachment fetching is enabled and the attacker can inject or tamper with attachment path metadata. An attacker can access...

CVSS 8.2, AI score 6.5, EPSS 0.00344
Exploits: 0, References: 2

Snyk
added 2026/03/03 7:57 p.m., 1 view

Directory Traversal

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Directory Traversal via the $include directive in configuration file resolution. An attacker can access arbitrary files outside the intended directory by specifying absolute or traversal...

CVSS 6.9, AI score 6.2, EPSS 0.00146
Exploits: 0, References: 2

Snyk
added 2026/03/03 7:8 p.m., 2 views

Directory Traversal

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Directory Traversal in detectAndLoadPromptImages or loadImageFromRef. An attacker can access and load image data from out-of-workspace paths by referencing mounted paths in prompt text...

CVSS 8.9, AI score 6.2
Exploits: 0, References: 2

Snyk
added 2026/03/03 6:54 p.m., 2 views

Directory Traversal

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Directory Traversal via the gateway plugin authentication. An attacker can gain unauthorized access to protected API channel routes by sending requests with encoded dot-segment traversal ...

CVSS 9.3, AI score 6.2, EPSS 0.00433
Exploits: 0, References: 3

Snyk
added 2026/03/03 6:42 p.m., 5 views

Directory Traversal

Overview: @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng. Affected versions of this package are vulnerable to Directory Traversal via media.ts. An attacker can write arbitrary files outside the intended temporary directory by supplying crafted Feishu medi...

CVSS 9.1, AI score 6.2, EPSS 0.00339
Exploits: 0, References: 2

Snyk
added 2026/03/03 6:11 p.m., 3 views

Directory Traversal

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Directory Traversal via improper validation of media local-paths in the sandbox. An attacker can access and exfiltrate files outside the intended sandbox boundary by supplying absolute...

CVSS 8.6, AI score 6.2, EPSS 0.00344
Exploits: 0, References: 2

Snyk
added 2026/03/03 6:9 p.m., 1 view

Directory Traversal

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Directory Traversal via the hooks.mappings.transform.module module. An attacker can execute arbitrary code with the privileges of the gateway process by specifying a path outside the...

CVSS 9.8, AI score 6.6, EPSS 0.00439
Exploits: 0, References: 2

Snyk
added 2026/03/03 3:31 p.m., 3 views

Directory Traversal

Overview: openviking is an Agent-native context database. Affected versions of this package are vulnerable to Directory Traversal through the import process when handling .ovpack files. An attacker can overwrite or create arbitrary files outside the intended directory by crafting malicious ZIP...

CVSS 8.4, AI score 6.2, EPSS 0.00181
Exploits: 0, References: 2

OSV
added 2026/03/03 3:31 p.m., 3 views

GHSA-RPQR-J937-6QR9 OpenViking contains a Path Traversal vulnerability

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

CVSS 8.4, AI score 6, EPSS 0.00181
Exploits: 0, References: 5

Github Security Blog
added 2026/03/03 3:31 p.m., 6 views

OpenViking contains a Path Traversal vulnerability

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

CVSS 8.4, AI score 6, EPSS 0.00181
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2026/03/03 3:16 p.m., 8 views

CVE-2026-28518

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

CVSS 8.4, EPSS 0.00181
Exploits: 0, References: 3

OSV
added 2026/03/03 3:16 p.m., 2 views

CVE-2026-28518

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

CVSS 8.4, AI score 5.9
Exploits: 0, References: 3

Cvelist
added 2026/03/03 2:36 p.m., 27 views

CVE-2026-28518 OpenViking .ovpack Import ZIP Slip Path Traversal

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

CVSS 8.4, EPSS 0.00181
Exploits: 0, References: 3

Vulnrichment
added 2026/03/03 2:36 p.m., 4 views

CVE-2026-28518 OpenViking .ovpack Import ZIP Slip Path Traversal

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

CVSS 8.4, AI score 6, EPSS 0.00181
Exploits: 0, References: 3

EUVD
added 2026/03/03 2:36 p.m., 4 views

EUVD-2026-9296

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

CVSS 8.4, AI score 6, EPSS 0.00181
Exploits: 0, References: 3