CVE-2026-26098 Uncontrolled Search Path Element in Owl opds

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...

Owl Cyber Defense OPDS 代码问题漏洞

Owl Cyber Defense OPDS is a network isolation device developed by Owl Cyber Defense Corporation in the United States. Version 2.2.0.4 of Owl Cyber Defense OPDS contains a code vulnerability; this vulnerability stems from an uncontrolled search path element, which may lead to the exploitation of t...

Dell Unisphere for PowerMax 安全漏洞

Dell Unisphere for PowerMax is a graphical management platform developed by the American company Dell. Version 10.2 of Dell Unisphere for PowerMax contains a security vulnerability. This vulnerability stems from external control over file names or paths, which could lead to the deletion of any fi...

penpot 安全漏洞

Penpot is an open-source design tool developed by Penpot for collaboration in design and coding. Versions of Penpot prior to 2.13.2 contained a security vulnerability. This vulnerability allowed authenticated users to access arbitrary files by providing local file paths as font data blocks,...

CVE-2026-0727

The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wpaassaveattachmentdata' and...

CVE-2026-21878

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary...

PT-2026-8019

Name of the Vulnerable Software and Affected Versions BACnet Stack versions prior to 1.5.0.rc3 Description The BACnet Stack software contains a flaw in its file writing functionality. Specifically, there is a lack of validation for user-supplied file paths, which could allow attackers to write...

CVE-2019-25315

The CVE concerns WordPress Server Log Viewer 1.0, where a persistent XSS vulnerability exists through unfiltered log file paths. Attackers can create log files containing embedded XSS payloads that execute when viewed in the WordPress admin interface. The description provides CVSSv3.1/4.0 metrics...

CVE-2019-25315 WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting

WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface...

CVE-2026-2250 Unauthenticated Data Export and Source Code Disclosure via /dbviewer/ in METIS WIC

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...

OpenClaw Information Disclosure Vulnerability

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has an information disclosure vulnerability that stems from the isValidMedia function allowing arbitrary file paths, which can be exploited by an attacker to cause the reading of arbitrary files and the disclosure of...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Import Errors view. An authenticated attacker can access sensitive information, such as file paths, code snippets, or stack traces related to DAGs they are not authorized to access. Remediation Upgrade...

PT-2026-7075

Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

Oki、Ricoh和Murata Machinery多款产品 代码问题漏洞

The OKI Configuration Tool is a product of the OKI company. The OKI Configuration Tool is a configuration management tool. The RICOH SP C740 is a product of the Japanese RICOH company. The RICOH SP C740 is a color laser printer. The RICOH PC6000L is a color printer. There are code vulnerabilities...

CVE-2026-25475 OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...

CVE-2026-25475

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...

Linux Distros Unpatched Vulnerability : CVE-2026-22444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The create core API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of a...

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

CVE-2025-52022

A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to publ...