CVE-2026-35029

CVE-2026-35029 affects LiteLLM, a proxy AI Gateway. The /config/update endpoint lacks admin authorization, allowing an authenticated user to modify proxy config and environment variables, register attacker-controlled Python code handlers, achieve remote code execution, read arbitrary server files...

CVE-2026-34976 Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...

CVE-2026-34976 Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...

Exploit for Deserialization of Untrusted Data in Metabase

CVE-2026-33725 A proof-of-concept exploit for CVE-2026-33725,...

VulnCheck KEV: CVE-2023-39964

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the...

GHSA-2WVG-62QM-GJ33 pyLoad: SSRF in parse_urls API endpoint via unvalidated URL parameter

Vulnerability Details CWE-918: Server-Side Request Forgery SSRF The parseurls API function in src/pyload/core/api/init.py line 556 fetches arbitrary URLs server-side via geturlurl pycurl without any URL validation, protocol restriction, or IP blacklist. An authenticated user with ADD permission...

pyLoad: SSRF in parse_urls API endpoint via unvalidated URL parameter

Vulnerability Details CWE-918: Server-Side Request Forgery SSRF The parseurls API function in src/pyload/core/api/init.py line 556 fetches arbitrary URLs server-side via geturlurl pycurl without any URL validation, protocol restriction, or IP blacklist. An authenticated user with ADD permission...

GHSA-53MR-6C8Q-9789 LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint

Impact The /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following: - Modify proxy configuration and environment variables - Register custom pass-through endpoint handlers pointing to...

LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint

Impact The /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following: - Modify proxy configuration and environment variables - Register custom pass-through endpoint handlers pointing to...

CVE-2026-26058 Zulip: Path Traversal in Import

Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the...

CVE-2026-26058 Zulip: Path Traversal in Import

Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the...

GHSA-58Q2-7R52-JQ62 OpenClaw: Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read

Summary Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read Current Maintainer Triage - Normalized severity: medium - Assessment: v2026.3.28 ACP dispatch still reads attachment paths outside the guarded attachment-cache or root checks, and the...

OpenClaw: Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read

Summary Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read Current Maintainer Triage - Normalized severity: medium - Assessment: v2026.3.28 ACP dispatch still reads attachment paths outside the guarded attachment-cache or root checks, and the...

GHSA-F6PF-4GJX-C94R OpenClaw: Media Parsing Path Traversal Leads to Arbitrary File Read

Summary OpenClaw = 2026.3.28 - First stable tag containing the fix: v2026.3.28 Fix Commits - 4797bbc5b96e2cca5532e43b58915c051746fe37 — 2026-03-25T13:35:16-06:00 Release Process Note - The fix is already present in released version 2026.3.28...

OpenClaw: Media Parsing Path Traversal Leads to Arbitrary File Read

Summary OpenClaw = 2026.3.28 - First stable tag containing the fix: v2026.3.28 Fix Commits - 4797bbc5b96e2cca5532e43b58915c051746fe37 — 2026-03-25T13:35:16-06:00 Release Process Note - The fix is already present in released version 2026.3.28...

GHSA-57GH-M6RQ-54CF OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration

Summary Media Local Roots Self-Whitelisting in appendLocalMediaParentRoots Allows Model-Initiated Arbitrary Host File Read and Credential Exfiltration Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still self-whitelists media parent dirs in...

OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration

Summary Media Local Roots Self-Whitelisting in appendLocalMediaParentRoots Allows Model-Initiated Arbitrary Host File Read and Credential Exfiltration Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still self-whitelists media parent dirs in...

CVE-2026-35000

ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc and similar file-access primitives. Attackers can exploit th...

CVE-2026-34730

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...

CVE-2026-34730 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...