Lucene search
K

5643 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/08 9:35 p.m.9 views

CVE-2026-42212

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/08 9:35 p.m.16 views

CVE-2026-42212

CVE-2026-42212 – SolidCAM-GPPL-IDE (Postprocessor IDE) affects versions 1.0.0–1.0.1 of the unofficial SolidCAM extension. The VMID parser loads XML with XDocument.Load(...) without XmlReaderSettings, enabling DTD processing and leading to XXE and related risks. Impact per sources includes local f...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/08 6:28 p.m.7 views

Directory Traversal

Overview dash-uploader is an Upload large files using resumable.js Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied input in the gettemproot and post functions. An attacker can gain unauthorized access to files and execute arbitrary...

9.8CVSS6.5AI score0.05982EPSS
Exploits4References2
NVD
NVD
added 2026/05/08 4:16 a.m.28 views

CVE-2026-44298

Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin ROLESYSTEADMIN and the permission uploadinvoicetemplate can upload PDF invoice templates, which can call pdfContext.setOption'associatedfiles', ... inside the sandboxe...

4.9CVSS0.00278EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.19 views

PT-2026-39200

Name of the Vulnerable Software and Affected Versions SolidCAM-GPPL-IDE versions 1.0.0 through 1.0.1 Description Opening a .gpp file causes the language server to parse a companion .vmid file from the same directory. The VMID parser uses XDocument.Loadpath without XmlReaderSettings, which in .NET...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

Postprocessor IDE for SolidCAM 资源管理错误漏洞

Postprocessor IDE for SolidCAM is a GPPL language development support tool developed by Andrey Zorin. Versions of Postprocessor IDE for SolidCAM from 1.0.0 to 1.0.2 contained a resource management vulnerability. This vulnerability arose from the language server’s parsing of.vmid files in the same...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/06 9:45 p.m.15 views

Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup

Summary On Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the configured template directory. Details The root cause is a...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/05/06 7:16 p.m.7 views

CVE-2026-41936

Vvveb before version 1.0.8.2 contains an XML external entity XXE injection vulnerability in the admin Tools/Import feature that allows authenticated siteadmin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to...

8.6CVSS0.00271EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:27 p.m.10 views

CVE-2026-41936

Vvveb before version 1.0.8.2 contains an XML external entity XXE injection vulnerability in the admin Tools/Import feature that allows authenticated siteadmin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to...

8.6CVSS5.9AI score0.00271EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/06 6:27 p.m.12 views

EUVD-2026-27892

Vvveb before version 1.0.8.2 contains an XML external entity XXE injection vulnerability in the admin Tools/Import feature that allows authenticated siteadmin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to...

8.6CVSS5.9AI score0.00271EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-38303

Name of the Vulnerable Software and Affected Versions Mako affected versions not specified Description On Windows, a path traversal issue exists where URIs using backslash traversal e.g., ....secret.txt can bypass directory traversal checks in Template. init and normalization in TemplateLookup.ge...

9.8CVSS5.8AI score0.00609EPSS
Exploits1References179
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-38222

Vvveb before version 1.0.8.2 contains an XML external entity XXE injection vulnerability in the admin Tools/Import feature that allows authenticated site admin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to...

8.6CVSS5.8AI score0.00271EPSS
Exploits0References5
NVD
NVD
added 2026/05/05 12:16 p.m.9 views

CVE-2026-42438

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

7.7CVSS0.00236EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 11:25 a.m.5 views

EUVD-2026-27277

OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...

8.9CVSS5.9AI score0.00369EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/05 11:25 a.m.40 views

CVE-2026-43533 OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags

OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...

8.9CVSS0.00369EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:24 a.m.4 views

CVE-2026-42438

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 11:24 a.m.5 views

CVE-2026-42438 OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 11:24 a.m.6 views

EUVD-2026-27259

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 11:24 a.m.11 views

CVE-2026-42438

OpenClaw version 2026.4.9 and older is affected by a sender policy bypass in the outbound host-media attachment read helper, enabling unauthorized local file disclosure when an attacker has denied read access via toolsBySender or group policy. The bypass can circumvent sender and group-scoped aut...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.34 views

CVE-2026-42438 OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

7.7CVSS0.00236EPSS
Exploits0References3
Rows per page
Query Builder