
20839 matches found

Snyk
added 2026/02/17 9:41 p.m. | 2 views

Directory Traversal

Overview: @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng. Affected versions of this package are vulnerable to Directory Traversal via the sendMediaFeishu function. An attacker can access arbitrary local files by supplying crafted file paths as the mediaUr...

CVSS 8.7 | AI score 6.5 | EPSS 0.00482
Exploits 0 | References 2

Snyk
added 2026/02/17 9:39 p.m. | 4 views

Directory Traversal

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Directory Traversal via the plugin installation. An attacker can overwrite files outside the intended directory by submitting a malicious plugin manifest with crafted directory names...

CVSS 9.3 | AI score 6.6 | EPSS 0.00355
Exploits 0 | References 2

NVD
added 2026/02/17 7:21 p.m. | 7 views

CVE-2025-59793

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This...

CVSS 9.9 | EPSS 0.01027
Exploits 1 | References 4

The Hacker News
added 2026/02/17 7:8 p.m. | 5 views

Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster

Cloud attacks move fast — faster than most incident response teams. In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotat...

AI score 6.1
Exploits 0

Snyk
added 2026/02/17 6:53 p.m. | 3 views

Directory Traversal

Overview: github.com/labstack/echo/middleware is a middleware package for echo. Affected versions of this package are vulnerable to Directory Traversal in middleware.Static, which allows file reads, when default configuration options are in use. An attacker can read files outside the static root, ...

CVSS 6.9 | AI score 6.5 | EPSS 0.00329
Exploits 1 | References 2

Snyk
added 2026/02/17 6:53 p.m. | 3 views

Directory Traversal

Overview: github.com/labstack/echo/v5/middleware is a middleware package for echo. Affected versions of this package are vulnerable to Directory Traversal in middleware.Static, which allows file reads, when default configuration options are in use. An attacker can read files outside the static roo...

CVSS 6.9 | AI score 6.5 | EPSS 0.00329
Exploits 1 | References 2

Snyk
added 2026/02/17 6:53 p.m. | 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in middleware.Static, which allows file reads, when default configuration options are in use. An attacker can read files outside the static root, in the process's working directory and its subdirectories, with...

CVSS 6.9 | AI score 6.5 | EPSS 0.00329
Exploits 1 | References 2

Snyk
added 2026/02/17 6:53 p.m. | 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in middleware.Static, which allows file reads, when default configuration options are in use. An attacker can read files outside the static root, in the process's working directory and its subdirectories, with...

CVSS 6.9 | AI score 6.5 | EPSS 0.00329
Exploits 1 | References 2

OSV
added 2026/02/17 6:53 p.m. | 2 views

GHSA-PGVM-WXW2-HRV9 Echo has a Windows path traversal via backslash in middleware.Static default filesystem

Summary: On Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. Details: In middleware/static.go, the requested path is unescaped and normalized with path.Clean URL semantics...

CVSS 5.3 | AI score 6 | EPSS 0.00329
Exploits 1 | References 6

Github Security Blog
added 2026/02/17 6:53 p.m. | 8 views

Echo has a Windows path traversal via backslash in middleware.Static default filesystem

Summary: On Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. Details: In middleware/static.go, the requested path is unescaped and normalized with path.Clean URL semantics...

CVSS 5.3 | AI score 6 | EPSS 0.00329
Exploits 1 | References 6 | Affected Software 1

Positive Technologies
added 2026/02/17 12:0 a.m. | 3 views

PT-2026-23526

Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.1.20 through 2026.2.1. Description: The software’s plugin installation process does not properly validate plugin package names, allowing attackers to write files outside the intended installation directory. Specifically,...

CVSS 9.3 | AI score 5.8 | EPSS 0.00355
Exploits 0 | References 9

Cvelist
added 2026/02/17 12:0 a.m. | 24 views

CVE-2025-59793

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This...

EPSS 0.01027
Exploits 1 | References 4

ATTACKERKB
added 2026/02/17 12:0 a.m. | 5 views

CVE-2025-59793

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This...

AI score 6.1 | EPSS 0.01027
Exploits 1 | References 5

CVE
added 2026/02/17 12:0 a.m. | 11 views

CVE-2025-59793

CVE-2025-59793 Details (MODE C) Rocket TRUfusion Enterprise (

CVSS 9.9 | AI score 6.1 | EPSS 0.01027
Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2026/02/17 12:0 a.m. | 3 views

CVE-2025-59793

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This...

AI score 6.1 | EPSS 0.01027
Exploits 1 | References 4

Packet Storm News
added 2026/02/17 12:0 a.m. | 4 views

A Unified Evaluation of Learning-Based Similarity Techniques for Malware Detection

Cryptographic digests (e.g., MD5, SHA-256) are designed to provide exact identity. Any single-bit change in the input produces a completely different hash, which is ideal for integrity verification but limits their usefulness in many real-world tasks like threat hunting, malware analysis and digita...

AI score 5.7
Exploits 0

Positive Technologies
added 2026/02/17 12:0 a.m. | 7 views

PT-2026-20330

Name of the Vulnerable Software and Affected Versions: Echo versions 5.0.0 through 5.0.2. Description: Echo, a Go web framework, has an issue where the middleware.Static component, when used with the default filesystem on Windows, allows path traversal through backslashes. This enables unauthenticat...

CVSS 9.9 | AI score 5.7 | EPSS 0.27661
Exploits 44 | References 120

RedHat Linux
added 2026/02/16 6:57 p.m. | 2 views

org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

CVSS 9.6 | AI score 6.9 | EPSS 0.09244
Exploits 0 | References 6

RedHat Linux
added 2026/02/16 6:55 p.m. | 5 views

org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

CVSS 9.6 | AI score 6.9 | EPSS 0.09244
Exploits 0 | References 6

RedhatCVE
added 2026/02/16 1:25 p.m. | 3 views

CVE-2026-2469

Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...

CVSS 7.6 | AI score 5.6 | EPSS 0.00351
Exploits 0 | References 1