OpenClaw has a Path Traversal in Browser Download Functionality
Summary: OpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads directory. This issue is not exposed via the AI agent tool schema no...
EUVD-2025-26369
Malicious code in bioql PyPI...
CVE-2025-11018
Four-Faith Water Conservancy Informatization Platform 1.0 is affected by a path traversal flaw. The vulnerability lies in the handling of the fileName argument of the endpoint chain /sysRole/index.do/../../generalReport/download.do;usrlogout.do.do, enabling remote exploitation. An exploit has bee...
CVE-2025-58161
MobSF is a mobile application security testing tool. In version 4.4.0, the GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWDDIR download directory from "neighboring" directories whose absolute pat...
CVE-2025-58161
MobSF (Mobile Security Framework) CVE-2025-58161: The 4.4.0 release exposes a directory traversal via GET /download/ caused by using os.path.commonprefix for path validation. An authenticated user can access files outside the DWD_DIR by requesting a path like /download////file (or equivalents tha...
Mobile Security Framework Path Traversal Vulnerability
Mobile Security Framework (MobSF) is an open-source, automated, all-in-one mobile application security testing framework. It is used for penetration testing, malware analysis and security assessments, and is capable of performing both static and dynamic analysis. A path traversal vulnerability...
PT-2025-35521
Name of the Vulnerable Software and Affected Versions: MobSF version 4.4.0 Description: The GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the intended download directory from neighboring directories with...
VulnCheck KEV: CVE-2023-35843
NocoDB through 0.106.0 or 0.109.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the...
CVE-2024-42485
CVE-2024-42485 affects Filament Excel. The vulnerability exists in the export download route /filament-excel/{path}, where an attacker could leverage directory traversal using ../ to download arbitrary files without authentication when the webserver allows such paths. This could disclose sensitiv...
Improper Access Control
ezsystems/ezplatform is vulnerable to Improper Access Control. The vulnerability is caused by missing validations in the file download route used for downloading files by specifying the name of the downloaded file. An attacker can construct download URLs with filenames that have no relation to th...
GHSA-G95C-XC83-8353 Ibexa DXP Download route allows filename change
Impact: The route used for file downloads allows specifying the name of the downloaded file. This is an unintended side effect of the implementation, and means one could construct download URLs with filenames that have no relation to the actual file, which could lead to misunderstandings and...
Ibexa DXP Download route allows filename change
Impact: The route used for file downloads allows specifying the name of the downloaded file. This is an unintended side effect of the implementation, and means one could construct download URLs with filenames that have no relation to the actual file, which could lead to misunderstandings and...
GHSA-946C-F9W6-2C25 Download route allows filename change in eZpublish kernel
Impact: The route used for file downloads allows specifying the name of the downloaded file. This is an unintended side effect of the implementation, and means one could construct download URLs with filenames that have no relation to the actual file, which could lead to misunderstandings and...
PT-2023-33002 · Ez Systems +1 · Ezpublish-Kernel +2
Name of the Vulnerable Software and Affected Versions: Ibexa DXP and eZ Platform affected versions not specified ezsystems/ezpublish-kernel affected versions not specified Description: The issue allows specifying the name of the downloaded file in the route used for file downloads, which could le...
Directory Traversal
nocodb is vulnerable to Directory Traversal. The vulnerability exists in the fileRead function of attachments.controller.ts and attachment.ctl.ts files, which allows an attacker to fetch arbitrary files on the server by manipulating the path parameter of the /download route, resulting in the...
CVE-2023-35843
NocoDB through 0.106.0 or 0.109.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the...
Path traversal
NocoDB through 0.106.0 or 0.109.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the...
PT-2023-6539 · Nocodb · Nocodb
Name of the Vulnerable Software and Affected Versions: NocoDB versions 0.106.0 and earlier NocoDB version 0.109.1 Description: The issue is related to a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter ...