4 matches found

Github Security Blog
added 2026/03/04 7:2 p.m., 7 views

OpenClaw has agent avatar symlink traversal in gateway session metadata

Summary: A crafted local avatar path could follow a symlink outside the agent workspace and return arbitrary file contents as a base64 data: URL in gateway responses.
Impact:
- Confidentiality impact: local file read in the gateway process context.
- Exfiltration path: agents.list can return the...

AI score: 6
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2026/02/20 7:22 a.m., 6 views

CVE-2026-2692

A vulnerability was found in CoCoTeaNet CyreneAdmin up to 1.3.0. This affects an unknown part of the file /api/system/user/getAvatar of the component Image Handler. Performing a manipulation of the argument Avatar results in path traversal. The attack can be initiated remotely. The exploit has be...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.00517
Exploits: 1 | References: 1
Positive Technologies
added 2026/02/19 12:0 a.m., 8 views

PT-2026-20571

Name of the Vulnerable Software and Affected Versions: CoCoTeaNet CyreneAdmin versions up to 1.3.0
Description: A path traversal issue exists in the Image Handler component of CoCoTeaNet CyreneAdmin. The issue is located in the /api/system/user/getAvatar file, where manipulation of the Avatar...

CVSS: 6.5 | AI score: 4.7 | EPSS: 0.00517
Exploits: 1 | References: 5
CVE
added 2025/10/19 3:32 p.m., 10 views

CVE-2025-11941

CVE-2025-11941 affects e107 CMS up to version 2.3.3. The vulnerability is in the Avatar Handler, specifically file /e107_admin/image.php?mode=main&action=avatar, where manipulation of the multiaction[] parameter triggers path traversal. Attacks can be launched remotely and the exploit is public. ...

CVSS: 8.1 | AI score: 5.5 | EPSS: 0.00834
Exploits: 1 | References: 5 | Affected Software: 1