1066 matches found
Wallos 代码问题漏洞
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 had code vulnerabilities, as the url parameters could be used to access local system files...
Amazon Linux 2023 : assertj-core, assertj-core-javadoc (ALAS2023-2026-1448)
"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1448 advisory. AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in...
Directory Traversal
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the extractToolResultMediaPaths process. An attacker can access and exfiltrate sensitive files from the system's temporary directory or other allowed local roots b...
OpenClaw browser navigation guard allowed non-network URL schemes, enabling authenticated browser-tool users to access file:// local files
Impact assertBrowserNavigationAllowed validated only http:/https: network targets but implicitly allowed other schemes. An authenticated gateway user could navigate browser sessions to file:// URLs and read local files via browser snapshot/extraction flows. Affected Component -...
Symlink Attack
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack via the avatar handling. An attacker can access sensitive local files outside the intended workspace by submitting crafted symlink paths to the avatar interface. Remediatio...
Directory Traversal
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the sendAttachment and setGroupIcon message actions when sandboxRoot is unset. An attacker can read arbitrary files accessible to the runtime user by triggering...
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 CVSS score: 8.8, has been described as a case of...
XML External Entity (XXE)
biopython is vulnerable to XML External Entity XXE. The vulnerability is due to improper handling of XML doctype declarations, which allows an attacker to inject malicious external entities and potentially read local files or access internal resources...
changedetection.io 路径遍历漏洞
Changedetection.io is a website-based application developed by dgtlmoon, designed for file change detection, monitoring, and notification. Versions of changedetection.io prior to 0.53.2 contained a path traversal vulnerability. This vulnerability stemmed from the /static// route accepting the...
CVE-2026-1227
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from...
CVE-2026-1669
Arbitrary file read in the model loading mechanism HDF5 integration in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references...
CVE-2020-37192
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system...
ZOLL ePCR 安全漏洞
ZOLL ePCR is an electronic casualty reporting software developed by ZOLL Corporation in the United States. ZOLL ePCR has a security vulnerability, which stems from uncleaned user inputs being reflected into the WebView, potentially allowing arbitrary local file access...
WeGIA - Directory Traversal
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/downloadremessa.php endpoint. This vulnerability could allow an attacker to...
CVE-2020-36944
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to...
CVE-2020-36944
ILIAS Learning Management System 4.3 is affected by a server-side request forgery (SSRF) vulnerability that lets an attacker read local files via the portfolio PDF export feature. The published description states an attacker can inject a script that uses XMLHttpRequest to retrieve local file cont...
CVE-2025-14610
The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for...
SUSE CVE-2026-24400
AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...
Linux Distros Unpatched Vulnerability : CVE-2026-24400
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External...
CVE-2026-24400 AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion
AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...