872 matches found
CLSA-2026-1777544655 rsync: Fix of 2 CVEs
CVE-2024-12086: prevent server from reading arbitrary client files via path traversal - CVE-2025-10158: fix invalid access to files array in sender - Add upstream stability fix RsyncProject/rsync PR 706: use-after-free in generator - Enable Amazon Linux 2 ELS...
CVE-2026-7551 HKUDS OpenHarness Remote Command Execution via /bridge Slash Command
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization inconsistent permission checks for pages.access, pages.list, files.access, and files.list in the Panel and REST API. An attacker can gain unauthorized access to content or sensitive information by exploiting...
GHSA-85X2-R8XV-WW8C Kirby CMS's `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API
TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access or list pages or files pages.access, pages.list, files.access or files.list permission is disabled. This can be due to configuration in the user blueprints, via options in the model...
Kirby CMS's `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API
TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access or list pages or files pages.access, pages.list, files.access or files.list permission is disabled. This can be due to configuration in the user blueprints, via options in the model...
OpenClaw 路径遍历漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 had a path traversal vulnerability. This vulnerability stemmed from ACP scheduling involving path traversal, which could allow attackers to read arbitrary files by manipulati...
Placement of User into Incorrect Group
Overview github.com/ubuntu/authd/internal/users is an authentication daemon for external Broker Affected versions of this package are vulnerable to Placement of User into Incorrect Group in the process responsible for assigning primary group IDs when a user's primary group ID differs from their...
EUVD-2026-25626
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...
CVE-2026-34428 Vvveb < 1.0.8.1 SSRF via oEmbedProxy
Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read...
EUVD-2026-23446
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections...
Incorrect Authorization
Overview silverstripe/assets is an asset module required component of SilverStripe Framework. Affected versions of this package are vulnerable to Incorrect Authorization via the DBFile::getURL process. An attacker can gain unauthorized access to protected files by exploiting the way access grants...
CVE-2024-8010
The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...
PT-2026-33196
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...
CVE-2026-39981 AGiXT has a Path Traversal in safe_join()
AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...
UNIX Symbolic Link (Symlink) Following
Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the include, render, and layout directories, when symlinks are placed within a trusted...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the Matches function due to improper use of strings.HasPrefix for path matching without ensuring a directory boundary. An attacker can gain unauthorized access to files in directories with names that share a commo...
PT-2026-31280
Summary A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...
CVE-2026-34078
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access ...
CVE-2026-39364
Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by server.fs.deny e.g., .env, .crt can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are...
CVE-2026-39364
CVE-2026-39364 affects the Vite dev server. Vulnerable versions include Vite 7.1.0 through 7.3.1 and 8.0.0 through 8.0.4; on those, files that should be blocked by server.fs.deny (e.g., .env, *.crt) could be retrieved via HTTP 200 when requesting with certain query params (?raw, ?import&raw, or ?...