CVE-2026-28518

OpenViking versions 0.2.1 and earlier are affected by a path traversal vulnerability in the .ovpack import handling. Malicious ZIP archives containing traversal sequences, absolute paths, or drive prefixes in member names can write files outside the intended import directory with the importing pr...

CVE-2026-28518

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

Security Bulletin: Multiple Vulnerabilities in IBM DevOps Build.

Summary Multiple vulnerabilities were addressed in IBM DevOps Build 7.1.0.2. Vulnerability Details CVEID:CVE-2025-52434 DESCRIPTION: Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This w...

Security Bulletin: There is a vulnerability in netty-codec-http-4.1.126.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite ( CVE-2025-67735)

Summary There is a vulnerability in netty-codec-http-4.1.126.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...

Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)

Summary DS8900F and DS8A00 updates have been released to remediate following vulnerabilities: Linux vulnerabilities in libraries such as bzip2, nghttp2, libxml2, unbound, libsoup, pam, sudo, java, openssh, glib2, expat, httpd, and linux-firmware. Safe Guarded Copy vulnerability within the...

PT-2026-26417

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.26 Description The OpenClaw gateway plugin contains a path traversal issue that allows remote attackers to bypass route authentication checks. This is achieved by manipulating the /api/channels paths with...

AIDE Vulnerable to Improper Output Neutralization via Terminal Escape Sequences in Log and Report Output

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

STARDIS: Strategic Scheduling and Deceptive Signaling for Satellite Intrusion Detection System Deployment

Satellite communication networks operate under stringent computational constraints and are susceptible to sophisticated cyberattacks. This paper introduces a novel defense framework that decouples security optimization into ground-based analysis and onboard real-time execution. In the long-term...

PT-2026-22744

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

PT-2026-23522

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2.0.0-beta3 through 2026.2.13 Description The OpenClaw software contains a path traversal issue within the hook transform module loading process that could lead to arbitrary JavaScript execution. The...

📄 GVfs 1.58.1 FTP Backend CRLF Injection

A vulnerability was identified in the FTP backend of GVfs due to improper input validation. A remote attacker can exploit this flaw by supplying specially crafted file paths containing Carriage Return and Line Feed CRLF sequences. Because these CRLF sequences are not properly sanitized, they allo...

Linux Distros Unpatched Vulnerability : CVE-2026-27699

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious...

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the sendAttachment and setGroupIcon message actions when sandboxRoot is unset. An attacker can read arbitrary files accessible to the runtime user by triggering...

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the archive extraction process. An attacker can write arbitrary files outside the intended extraction directory by supplying a crafted archive during explicit...

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Management GUI and/or BDA are now included.

Summary The following vulnerabilities that can affect IBM Storage Scale Management GUI and/or BDA and could provide weaker than expected security are now fixed., GUI: CVE-2025-59057, CVE-2025-68161, BDA: CVE-2025-66566, CVE-2024-6485, CVE-2025-12183, CVE-2025-67735 Vulnerability Details...

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the sandbox skill mirroring command. An attacker can cause files to be written outside the intended workspace by supplying a crafted skill package with traversal...

GHSA-P25H-9Q54-FFVW OpenClaw has Zip Slip path traversal in tar archive extraction

Summary OpenClaw versions before 2026.2.14 did not sufficiently validate TAR archive entry paths during extraction. A crafted archive could use path traversal sequences for example ../../... to write files outside the intended destination directory Zip Slip. Affected Packages / Versions - Package...

OpenClaw has Zip Slip path traversal in tar archive extraction

Summary OpenClaw versions before 2026.2.14 did not sufficiently validate TAR archive entry paths during extraction. A crafted archive could use path traversal sequences for example ../../... to write files outside the intended destination directory Zip Slip. Affected Packages / Versions - Package...

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the jsonlPath parameter in the a2uipush action, which is passed directly to the file reader without validation. An attacker can access arbitrary files on the serve...

OpenClaw Canvas Path Traversal Information Disclosure Vulnerability

ZDI-CAN-29312: OpenClaw Canvas Path Traversal Information Disclosure Vulnerability -- ABSTRACT ------------------------------------- Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: OpenClaw - OpenClaw -- VULNERABILITY DETAILS...