11180 matches found
CVE-2018-25311
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...
CVE-2018-25311 VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...
CVE-2018-25311 VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...
CLSA-2026-1777446306 python: Fix of CVE-2019-9948
CVE-2019-9948: fix urllib localfile:// URL scheme bypass that allowed file reads when localfile handler was defined...
CVE-2026-41911
OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...
CVE-2026-41911 OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image
OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...
CVE-2026-41911 OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image
OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...
Duplicate Advisory: OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qf48-qfv4-jjm9. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension...
GHSA-QP56-GP47-JWJ3 Duplicate Advisory: OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qf48-qfv4-jjm9. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension...
OpenClaw path traversal vulnerability (CNVD-2026-19027)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to bypass file system sandboxing restrictions to read arbitrary files...
CVE-2026-41366 OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLocalMediaParentRoots Self-Whitelisting
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files...
CVE-2026-41363 OpenClaw 2026.2.6 < 2026.3.28 - Arbitrary File Read via Feishu upload_image Parameter
OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during uploadimage operations to read arbitrary files outside...
CVE-2026-41363
OpenClaw vulnerable versions 2026.2.6–2026.3.24 due to a path traversal flaw in the Feishu extension resolveUploadInput function. Improper path resolution during upload_image operations allows reading arbitrary files outside configured localRoots, bypassing file-system sandbox restrictions. Impac...
CVE-2026-41363 OpenClaw 2026.2.6 < 2026.3.28 - Arbitrary File Read via Feishu upload_image Parameter
OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during uploadimage operations to read arbitrary files outside...
CVE-2026-7159 douinc mkdocs-mcp-plugin server.py list_documents path traversal
A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...
CVE-2026-30351
A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...
PT-2026-35558
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description A path traversal issue exists in the ACP dispatch component. This allows remote attackers to read arbitrary files by manipulating inbound channel attachment paths, bypassing the root directory...
PT-2026-35554
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files...
CVE-2026-30351
A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...
BinExploit-Bench
BinExploit-Bench: Binary Exploitation Capability Benchmark for...