Symlink Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack in the handling of browser trace and download output paths, specifically when processing temporary output. An attacker can overwrite arbitrary files by exploiting symlink...

GHSA-36H3-7C54-J27R OpenClaw has browser trace/download path symlink escape in temp output handling

Summary Browser trace/download output path handling allowed symlink-root and symlink-parent escapes from the managed temp root. Affected Packages / Versions - Package: openclaw npm - Latest published npm version: 2026.2.24 - Affected versions: = 2026.2.24 - Planned patched release: 2026.2.25 Impa...

Directory Traversal

Overview openchatbi is an OpenChatBI - Natural language business intelligence powered by LLMs for intuitive data analysis and SQL generation Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of the fileformat parameter in the savereport tool. An...

GHSA-VMWQ-8G8C-JM79 OpenChatBI has a Path Traversal Vulnerability in save_report Tool

Impact The savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the fileformat parameter. The function only removes leading dots of fileformat using fileformat.lstrip"." but allows path traversal sequences...

EUVD-2026-9073

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

CVE-2026-28269

Kiteworks is a private data network PDN. Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...

CVE-2026-28269

Kiteworks PDN vulnerability (CVE-2026-28269) affects all versions prior to 9.2.0. A flaw in the command execution feature allows authenticated users to redirect command output to arbitrary file locations, enabling overwriting of critical system files and potential elevation of access. The issue i...

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception via the restoreConfig function. An attacker can overwrite arbitrary files on the host system and cause permanent data loss by providing a maliciously crafted ZIP archive containing traversal paths and insufficient...

Zed 路径遍历漏洞

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.224.4 contained a path traversal vulnerability. This vulnerability stemmed from the extension’s archive extraction function, which did not validate the path traversal sequences in the filenames of ZIP archives, potential...

CVE-2026-20122 Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...

CVE-2026-20122 Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...

CVE-2026-20122

Cisco Catalyst SD-WAN Manager API vulnerability (CVE-2026-20122) affects the Cisco Catalyst SD-WAN Manager, including the Data Collection Agent service. The root cause is improper file handling and privileged API usage on the API interface, enabling an authenticated, remote attacker with valid re...

CVE-2025-62878

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories...

Directory Traversal

Overview rollup is a Next-generation ES module bundler Affected versions of this package are vulnerable to Directory Traversal in the Bundle class in bundle.ts, which handles file name sanitization in the core engine. An attacker can overwrite arbitrary files on the host filesystem outside the...

Directory Traversal

Overview org.webjars.npm:rollup is a Next-generation ES module bundler Affected versions of this package are vulnerable to Directory Traversal in the Bundle class in bundle.ts, which handles file name sanitization in the core engine. An attacker can overwrite arbitrary files on the host filesyste...

CVE-2026-3179

The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path...

CVE-2026-3179

The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path...