CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF Server Side Request Forgery attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF Server Side Request Forgery attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF Server Side Request Forgery attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF Server Side Request Forgery attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

Autogram 安全漏洞

Autogram is a multi-platform file signature and verification desktop application developed by Slovensko.Digital. There is a security vulnerability in Autogram, which stems from improper restrictions on XML external entity references in the XMLUtils.java file. This vulnerability could allow remote...

Apache Livy Input Validation Error Vulnerability

Apache Livy is the United States Apache Apache Foundation, an application server . Provides support for programmatic , fault-tolerant , multi-tenant submission of Spark jobs from Web, mobile applications . Apache Livy suffers from an input validation error vulnerability. The vulnerability stems...

OpenClaw 路径遍历漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to read files outside of the workspace...

PT-2026-26320

A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the log type parameter to /logsave.htm...

PT-2026-26284

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF Server Side Request Forgery attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.21 contained security vulnerabilities. These vulnerabilities stemmed from improper URL scheme validation in the assertBrowserNavigationAllowed function. This allowed unauthorize...

FreeBSD : UniFi Network Application - Multiple vulnerabilities (71b4ce56-23c5-11f1-b865-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 71b4ce56-23c5-11f1-b865-b42e991fc52e advisory...

SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass)

Summary The IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded GHSA-h5vh-m7fg-w5h6, commit 9914fd1 but remains incomplete. Multiple security-relevant Linux directories are not blocked, including /opt application data, /usr local configs/binaries,...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the filename configuration parameter in the file dictionary fieldtype endpoint. An attacker can access arbitrary .json, .yaml, and .csv files from the server by manipulating this parameter. Details A Directory...

CVE-2026-27522

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

CVE-2026-27522

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

PT-2026-26182

Name of the Vulnerable Software and Affected Versions Mesop versions 1.2.2 and below Description Mesop, a Python-based UI framework, contains a Path Traversal vulnerability. This allows a user providing an untrusted state token through the UI stream payload to target files on the disk when using...

PT-2026-26169

Name of the Vulnerable Software and Affected Versions UniFi Network Application versions prior to 10.1.89 Description A Path Traversal issue exists due to improper restriction of directory path names. This allows an unauthenticated malicious actor with network access to access files on the...

EUVD-2026-12474

AWS API MCP File Access Restriction Bypass...

GHSA-2CPP-J2FC-QHP7 AWS API MCP File Access Restriction Bypass

Description The AWS API MCP Server is an open source Model Context Protocol MCP server that enables AI assistants to interact with AWS services and resources through AWS CLI commands. It provides programmatic access to manage your AWS infrastructure while maintaining proper security controls. Thi...

AWS API MCP File Access Restriction Bypass

Description The AWS API MCP Server is an open source Model Context Protocol MCP server that enables AI assistants to interact with AWS services and resources through AWS CLI commands. It provides programmatic access to manage your AWS infrastructure while maintaining proper security controls. Thi...