86 matches found
GHSA-45CG-2683-GFMQ OpenClaw browser navigation guard allowed non-network URL schemes, enabling authenticated browser-tool users to access file:// local files
Impact assertBrowserNavigationAllowed validated only http:/https: network targets but implicitly allowed other schemes. An authenticated gateway user could navigate browser sessions to file:// URLs and read local files via browser snapshot/extraction flows. Affected Component -...
CVE-2026-2606
IBM webMethods API Gateway on-prem 10.11 through 10.11Fix3210.15 to 10.15Fix2711.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...
PT-2026-22805
IBM webMethods API Gateway on-prem 10.11 through 10.11 Fix3210.15 to 10.15 Fix2711.1 to 11.1 Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...
PT-2026-26390
Impact assertBrowserNavigationAllowed validated only http:/https: network targets but implicitly allowed other schemes. An authenticated gateway user could navigate browser sessions to file:// URLs and read local files via browser snapshot/extraction flows. Affected Component -...
Crawl4AI Has Local File Inclusion in Docker API via file:// URLs
A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...
PT-2025-51776
@vitejs/plugin-rs provides React Server Components RSC support for Vite. Prior to version 0.5.8, the / vite rsc findSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by...
curl: Path Traversal Bypass in file:// URLs Due to Incomplete URL-Encoded Path Normalization
Summary: The dedotdotify function in lib/urlapi.c is responsible for removing path traversal sequences ../ and ./ from URLs according to RFC 3986. However, the function only recognizes literal forward slashes / when identifying path segments and does not handle URL-encoded slashes %2f or %2F. Thi...
Siemens SIMATIC S7-1500 Improper Limitation of a Pathname to a Restricted Directory (CVE-2019-9948)
urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call. This plugin only works with Tenable.ot. Please...
DRUPAL-CORE-2025-008
The core system module handles downloads of private and temporary files. Contrib modules can define additional kinds of files schemes that may also be handled by the system module. In some cases, files may be served with the HTTP header Cache-Control: public when they should be uncacheable. This...
Path Traversal
esm.sh is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of user-supplied URL components allowing path-traversal and file-scheme requests by which an attacker can craft specially-formed requests that cause the server to read and return arbitrary local files or oth...
EUVD-2019-19302
Malware in sbrugna...
EUVD-2022-25465
Malicious code in bioql PyPI...
CVE-2022-20205
In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...
PT-2025-4134 · Spatie · Spatie/Browsershot
Name of the Vulnerable Software and Affected Versions: spatie/browsershot versions prior to 5.0.5 Description: The issue is related to improper input validation in the setHtml function, which can be bypassed by omitting slashes in the file URI, such as file:../../../../etc/passwd. This is due to...
Local File System Validation Bypass
craftcms/cms is vulnerable to local file system validation bypass. The vulnerability is due to improper validation of file paths, allowing attackers to exploit a double file:// scheme to bypass restrictions and access or overwrite sensitive files...
Improper File URI Scheme Validation
changedetection.io is vulnerable to improper file URI scheme validation. The vulnerability is due to a logic flaw in the issafeurl function, which improperly allows the file: scheme and insufficiently restricts access to local file paths when ALLOWFILEURI is set to false or undefined...
Access Control Bypass
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Access Control Bypass through the normalizePath function, by utilizing a double file:// scheme to bypass local file system validation. Note: This is only exploitable if the administrator has ...
CraftCMS 路径遍历漏洞
CraftCMS is a content management system from CraftCMS, Inc. A path traversal vulnerability exists in CraftCMS versions 5.0.0-RC1 through 5.4.5.1 and 4.0.0-RC1 through 4.12.4.1, which stems from a vulnerability that could allow an attacker to inject a payload to remotely execute code by bypassing...
PT-2024-35157 · Craft Cms · Craft Cms
Name of the Vulnerable Software and Affected Versions: CraftCMS versions prior to 4.12.5 CraftCMS versions prior to 5.4.6 Description: A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme. This enables the attacker to specify...
CVE-2024-5022
The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affects Focus for iOS 126...