Lucene search
K

44534 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.11 views

PaperCut MF < 25.0.11 Path Traversal (CVE-2026-6418)

The version of PaperCut MF installed on the remote Windows host is prior to 25.0.11. It is, therefore, affected by a vulnerability: - A path traversal vulnerability exists in the Shared Account Synchronization component of PaperCut NG/MF. Due to a lack of proper path validation and sanitization, ...

4.9CVSS6AI score0.00376EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2024-44825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the...

7.5CVSS6AI score0.00933EPSS
Exploits2References3
EUVD
EUVD
added 2026/05/06 9:31 p.m.18 views

EUVD-2026-28188

OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memoryget function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown...

4.3CVSS5.9AI score0.00226EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/06 9:21 p.m.9 views

Directory Traversal

Overview org.openmrs.web:openmrs-web is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system EMR. Affected versions of this package are vulnerable to Directory Traversal via the WebModuleUtil.startModule function in POST...

9.4CVSS6.4AI score0.00853EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/06 9:20 p.m.8 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the browser interaction routes. An attacker can access arbitrary files by bypassing navigation guards and leveraging browser act/evaluate interactions to pivot...

7.1CVSS5.9AI score0.00253EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 9:19 p.m.12 views

Arbitrary File Upload

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary File Upload via the blueprint-upload process. An attacker can gain full administrative access by uploading a crafted YAML file to th...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References3
NVD
NVD
added 2026/05/06 9:16 p.m.7 views

CVE-2026-40281

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...

10CVSS0.00611EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:46 p.m.6 views

CVE-2026-40281

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...

10CVSS6AI score0.00611EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/05/06 8:40 p.m.8 views

Directory Traversal

Overview magic-wormhole is a Securely transfer data between computers Affected versions of this package are vulnerable to Directory Traversal via the receive process when the --output parameter is set to an existing directory. An attacker can overwrite files outside the intended directory by...

5.1CVSS6.3AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 2026/05/06 7:49 p.m.17 views

CVE-2026-44111

OpenClaw prior to 2026.4.15 is affected by an arbitrary file read in the QMD backend memory_get function. The flaw allows callers with access to the memory tool to bypass path restrictions and read any Markdown files within the workspace root, including files outside canonical memory locations or...

4.3CVSS5.9AI score0.00226EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/06 7:49 p.m.28 views

CVE-2026-43577 OpenClaw < 2026.4.9 - Arbitrary File Read via Browser Interaction Routes

OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions...

7.1CVSS0.00253EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/06 7:49 p.m.6 views

CVE-2026-43577 OpenClaw < 2026.4.9 - Arbitrary File Read via Browser Interaction Routes

OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions...

7.1CVSS5.8AI score0.00253EPSS
Exploits0References3
CVE
CVE
added 2026/05/06 7:49 p.m.13 views

CVE-2026-43577

OpenClaw is affected by a file-read vulnerability prior to version 2026.4.9. The issue allows an attacker to bypass navigation guards via browser act/evaluate interactions, pivot into the local CDP origin, and create or read disallowed file:// pages despite navigation policy restrictions. Impact ...

7.1CVSS5.8AI score0.00253EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/06 7:38 p.m.5 views

GHSA-7545-FCXQ-7J24 GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository

🧾 Summary A vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and...

8.8CVSS5.8AI score0.00419EPSS
Exploits1References4
CVE
CVE
added 2026/05/06 7:32 p.m.22 views

CVE-2026-40076

OpenMRS Core (CVE-2026-40076) is vulnerable to Zip Slip via the module upload REST endpoint (POST /openmrs/ws/rest/v1/module). The flaw is in WebModuleUtil.startModule(): ZIP entries under web/module/ are written without normalizing paths, allowing traversal like web/module/foo/../../../../evil.j...

9.4CVSS6.5AI score0.00853EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 7:32 p.m.6 views

CVE-2026-40076 OpenMRS Core arbitrary file write and code execution via Zip Slip in module upload

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...

9.4CVSS6.5AI score0.00853EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/06 6:30 p.m.12 views

EUVD-2026-27873

NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messagesout.id and content.files values or creati...

9.3CVSS5.9AI score0.00148EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 5:16 p.m.17 views

CVE-2026-7875

NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messagesout.id and...

9.3CVSS0.00148EPSS
Exploits0References3
Wordfence Blog
Wordfence Blog
added 2026/05/06 4:39 p.m.7 views

Authenticated Arbitrary File Upload Vulnerability Patched in Slider Revolution 7 WordPress Plugin

On April 18th, 2026, we received a submission for an Authenticated Arbitrary File Upload vulnerability in Slider Revolution, a WordPress plugin. Although the plugin has more than 5,000,000 active installations, we estimate that only around 45,000 sites are using a vulnerable version, as the issue...

8.8CVSS6.6AI score0.00815EPSS
Exploits0
CVE
CVE
added 2026/05/06 4:10 p.m.17 views

CVE-2026-7875

NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup. A compromised or prompt-injected container can read files outside the intended outbox directory by supplying crafted messages_out.id and content.files values or by creating sym...

9.3CVSS5.9AI score0.00148EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder