6499 matches found
CVE-2026-32026
The CVE-2026-32026 issue affects OpenClaw before version 2026.2.24, where improper path validation in sandbox media handling permits access to absolute paths under the host temporary directory outside the active sandbox root. Exploitation via malicious media references in attachment delivery can ...
CVE-2026-32026 OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox
OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate...
CVE-2026-32024
OpenClaw (npm) versions prior to 2026.2.22 are affected by a symlink traversal vulnerability in avatar handling that lets remote attackers read arbitrary files outside the configured workspace boundary by requesting avatar resources through gateway surfaces. The issue affects the openclaw package...
CVE-2026-32022 OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass
OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...
CVE-2026-32022 OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass
OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...
CVE-2026-32020 OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler
OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...
EUVD-2026-13288
OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...
CVE-2026-33301
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read...
EUVD-2026-13119
There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...
CVE-2026-30403
There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...
CVE-2026-30403
CVE-2026-30403 affects wgcloud before 3.6.3, where the vulnerable area is the test connection function in the backend database management module. The issue allows an attacker to perform an arbitrary file read on the victim’s server, exposing sensitive files. The description and connected sources ...
CVE-2026-30403
There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...
OpenEMR 安全漏洞
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.2 contained security...
PT-2026-26305
CVE-2026-30403 There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read a… https://t.co/WiMRkDP1zD...
OpenClaw 路径遍历漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a Path Validation Improperity vulnerability, which is caused by an incorrect path validation flaw in sandboxed media handling. An attacker can exploit the vulnerability to traverse a directory on a...
CVE-2026-30403
There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...
PT-2026-26491
Summary POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint accepts arbitrary local filesystem paths that pass isValidURLOrPath. That...
CVE-2026-30403
There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...
OpenClaw 后置链接漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability that can be exploited by an attacker to read arbitrary files outside the boundaries of the configuration workspace...
PT-2026-26485
Name of the Vulnerable Software and Affected Versions dagu versions 2.0.0 through 2.3.0 Description Dagu suffers from a path traversal issue due to incomplete fixes for CVE-2026-27598. The initial fix addressed path traversal in the CreateNewDAG function, but the locateDAG function still allows...