PT-2026-23059
Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.54.4. Description: A Zip Slip vulnerability exists in the backup restore functionality, allowing arbitrary file overwrite via path traversal in uploaded ZIP archives. The application uses zipfile.extractall...
NLTK path traversal vulnerability
NLTK is an open-source natural language toolkit developed by NLTK. It is used to support research and development in natural language processing. NLTK versions 3.9.2 and earlier contained a path traversal vulnerability. This vulnerability stemmed from multiple CorpusReader classes not properly...
PT-2026-23058
Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.54.4. Description: The software contains a reflected cross-site scripting (XSS) issue in the /rss/tag/ endpoint. The tag uuid path parameter is directly included in the HTTP response without proper HTML...
GHSA-XMV6-R34M-62P4 OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot
Summary: A sandbox path validation bypass in openclaw allows host file reads outside sandboxRoot via the media path fallback tmp flow when the fallback tmp root is a symlink alias. Affected Packages / Versions - Package: npm openclaw - Affected versions: without verifying that fallback path was a...
GHSA-5FVC-7894-GHP4 Craft CMS has Twig Function Blocklist Bypass
Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Closure arrow functions. In order to be able to successfully execute this attack, you need to either have allowAdminChanges enabled on production, or a compromised admin account, or an...
CVE-2026-2606
IBM webMethods API Gateway on-prem 10.11 through 10.11 Fix32, 10.15 to 10.15 Fix27, 11.1 to 11.1 Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...
GHSA-56PC-6HVP-4GV4 OpenClaw vulnerable to arbitrary file read via $include directive
Vulnerability: Path traversal in config $include resolution allowed arbitrary local file reads outside the config directory boundary (CWE-22). Attack Vectors: 1. If an attacker can modify OpenClaw config, they can set $include to absolute paths, for example /etc/passwd, and read files accessible to the...
EUVD-2026-9314
IBM webMethods API Gateway on-prem 10.11 through 10.11 Fix32, 10.15 to 10.15 Fix27, 11.1 to 11.1 Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...
CVE-2026-2606
Summary of CVE-2026-2606 (IBM webMethods API Management & Gateway on-prem): The vulnerability arises from improper validation of user-supplied input in the url parameter of the /createapi endpoint. An attacker can modify the parameter to use a file:// URI scheme instead of https://, enabling unau...
CVE-2026-2606 IBM webMethods API Management fails to validate user input and enables unauthorized arbitrary file read
IBM webMethods API Gateway on-prem 10.11 through 10.11 Fix32, 10.15 to 10.15 Fix27, 11.1 to 11.1 Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...
CVE-2025-63909
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files...
Exploit for Path Traversal in Jenkins
poc-CVE-2024-...
Exploit for CVE-2024-2961
CVE-2026-22200: osTicket Arbitrary File Read to RCE...
BIT-ELK-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)
Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery (SSRF) via Code Injection (CAPEC-242). This requires an...
CVE-2025-63909
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files...
PT-2026-22805
IBM webMethods API Gateway on-prem 10.11 through 10.11 Fix32, 10.15 to 10.15 Fix27, 11.1 to 11.1 Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...