1066 matches found

CNNVD
added 2026/03/07 12:00 a.m., 16 views

Wallos Code Issue Vulnerability

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 contain a code issue: URL parameters could be used to access local system files...

CVSS 8.7, AI score 5.8, EPSS 0.00533
Exploits: 1, References: 3
Tenable Nessus
added 2026/03/06 12:00 a.m., 4 views

Amazon Linux 2023 : assertj-core, assertj-core-javadoc (ALAS2023-2026-1448)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1448 advisory. AssertJ provides fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity (XXE) vulnerability exists in...

CVSS 9.1, AI score 7.2, EPSS 0.00542
Exploits: 0, References: 4
Snyk
added 2026/03/04 7:28 p.m., 1 view

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the extractToolResultMediaPaths process. An attacker can access and exfiltrate sensitive files from the system's temporary directory or other allowed local roots b...

CVSS 6.9, AI score 6.2
Exploits: 0, References: 2
Github Security Blog
added 2026/03/03 9:37 p.m., 7 views

OpenClaw browser navigation guard allowed non-network URL schemes, enabling authenticated browser-tool users to access file:// local files

Impact: assertBrowserNavigationAllowed validated only http:/https: network targets but implicitly allowed other schemes. An authenticated gateway user could navigate browser sessions to file:// URLs and read local files via browser snapshot/extraction flows. Affected Component -...

CVSS 7.1, AI score 5.9, EPSS 0.00403
Exploits: 1, References: 3, Affected Software: 1
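The bug shape in the advisory above is a guard whose host checks only run for http:/https: targets, so every other scheme passes by omission. The following is an added example, not OpenClaw's code, showing that shape beside the allow-list form that closes it: flawed_guard, hardened_guard and the BLOCKED_HOSTS set are assumptions made for the illustration, and the sample targets are constructed.

```python
from urllib.parse import urlsplit

# The only schemes a browser tool should ever be asked to navigate to.
NETWORK_SCHEMES = {"http", "https"}

# Constructed for the example: hosts the guard is meant to keep the
# browser away from (loopback, the remote-debugging port, cloud metadata).
BLOCKED_HOSTS = {"localhost", "127.0.0.1", "::1", "169.254.169.254"}


def flawed_guard(url: str) -> bool:
    """Deny-list check that only fires for network targets.

    Mirrors the advisory's bug shape: a URL that is not http/https never
    reaches the host check and is therefore implicitly allowed.
    """
    parts = urlsplit(url)
    if parts.scheme in NETWORK_SCHEMES:
        return parts.hostname not in BLOCKED_HOSTS
    return True  # file:, javascript:, data: and scheme-less URLs fall through


def hardened_guard(url: str) -> bool:
    """Allow-list check: unknown or missing schemes are rejected first."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in NETWORK_SCHEMES:
        return False
    host = parts.hostname
    if not host or host in BLOCKED_HOSTS:
        return False
    return True


# Constructed navigation targets an authenticated tool user might submit.
SAMPLE_TARGETS = [
    "https://example.com/report",
    "http://127.0.0.1:9222/json",
    "file:///etc/passwd",
    "FILE:///C:/Windows/win.ini",
    "javascript:document.title",
    "data:text/html,<script>fetch('/')</script>",
    "//example.com/path",
]


def compare(urls=SAMPLE_TARGETS) -> dict:
    """Map each URL to (flawed verdict, hardened verdict)."""
    return {u: (flawed_guard(u), hardened_guard(u)) for u in urls}


if __name__ == "__main__":
    for url, (flawed, hardened) in compare().items():
        print(f"{url:45} flawed={flawed!s:5} hardened={hardened}")
```

Two points carry over to a real guard: the scheme allow-list runs before any per-host logic, and the guard should parse the URL the same way the browser it protects does; a string parsed one way by the guard and another way by the browser is a second bypass.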
Snyk
added 2026/03/03 12:20 a.m., 6 views

Symlink Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack via the avatar handling. An attacker can access sensitive local files outside the intended workspace by submitting crafted symlink paths to the avatar interface. Remediatio...

CVSS 7.5, AI score 6, EPSS 0.00327
Exploits: 0, References: 3
Snyk
added 2026/03/02 11:34 p.m., 5 views

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the sendAttachment and setGroupIcon message actions when sandboxRoot is unset. An attacker can read arbitrary files accessible to the runtime user by triggering...

CVSS 8.7, AI score 6.5, EPSS 0.00372
Exploits: 0, References: 2
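The three OpenClaw Snyk entries above describe one control failing three ways: a path check that stops at ".." but follows no symlinks (the avatar symlink entry), a check that must confine reads to a set of allowed local roots (extractToolResultMediaPaths), and a check that is skipped altogether when sandboxRoot is unset (sendAttachment / setGroupIcon). The following is an added example, not OpenClaw's code: naive_is_inside, resolve_inside and the throwaway workspace that demo() builds are constructed for the illustration.

```python
import os
import tempfile
from typing import Optional


def naive_is_inside(root: str, candidate: str) -> bool:
    """Lexical containment: normalises '..' but never follows symlinks."""
    root_abs = os.path.abspath(root)
    cand_abs = os.path.abspath(os.path.join(root_abs, candidate))
    return cand_abs == root_abs or cand_abs.startswith(root_abs + os.sep)


def resolve_inside(sandbox_root: Optional[str], candidate: str) -> Optional[str]:
    """Return the real path of `candidate` if it stays under the root, else None.

    - An unset root is a refusal, not a wildcard.
    - realpath() resolves every symlink component before the prefix test.
    - The trailing os.sep keeps '/ws' from matching '/ws2'.
    """
    if not sandbox_root:
        return None
    root_real = os.path.realpath(sandbox_root)
    cand_real = os.path.realpath(os.path.join(root_real, candidate))
    if cand_real == root_real or cand_real.startswith(root_real + os.sep):
        return cand_real
    return None


def demo() -> dict:
    """Build a temporary workspace with a planted symlink and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "workspace")
        os.makedirs(root)
        # Constructed: a file outside the workspace the tool must not reach.
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("not for the tool")
        # A legitimate asset inside the workspace.
        with open(os.path.join(root, "avatar.png"), "wb") as fh:
            fh.write(b"\x89PNG")
        # Planted by the attacker: a path inside the workspace that points out of it.
        os.symlink(secret, os.path.join(root, "evil.png"))

        return {
            "naive_dotdot": naive_is_inside(root, "../secret.txt"),
            "naive_symlink": naive_is_inside(root, "evil.png"),
            "hardened_dotdot": resolve_inside(root, "../secret.txt") is not None,
            "hardened_symlink": resolve_inside(root, "evil.png") is not None,
            "hardened_legit": resolve_inside(root, "avatar.png") is not None,
            "unset_root": resolve_inside(None, "avatar.png") is not None,
        }


if __name__ == "__main__":
    for check, verdict in demo().items():
        print(f"{check:17} allowed={verdict}")
```

The lexical check passes the symlink because the string "workspace/evil.png" looks contained; only the resolved path reveals the escape. Open the path that resolve_inside returned rather than the original string, or the link can be swapped between check and use.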
The Hacker News
added 2026/03/02 5:08 p.m., 11 views

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of...

CVSS 8.8, AI score 6.3, EPSS 0.06545
Exploits: 2
Veracode
added 2026/02/26 6:13 a.m., 5 views

XML External Entity (XXE)

biopython is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper handling of XML doctype declarations, which allows an attacker to inject malicious external entities and potentially read local files or access internal resources...

CVSS 4.9, AI score 5.8, EPSS 0.00293
Exploits: 0, References: 6, Affected Software: 1
CNNVD
added 2026/02/19 12:00 a.m., 6 views

changedetection.io Path Traversal Vulnerability

changedetection.io is a web-based application developed by dgtlmoon for website change detection, monitoring, and notification. Versions of changedetection.io prior to 0.53.2 contain a path traversal vulnerability, which stems from the /static// route accepting the...

CVSS 5.3, AI score 5.8, EPSS 0.00917
Exploits: 1, References: 2
RedhatCVE
added 2026/02/12 7:28 p.m., 4 views

CVE-2026-1227

A CWE-611 (Improper Restriction of XML External Entity Reference) vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial-of-service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from...

CVSS 7, AI score 5.5, EPSS 0.00106
Exploits: 0, References: 1
OSV
added 2026/02/11 11:16 p.m., 6 views

CVE-2026-1669

Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references...

CVSS 7.5, AI score 5.9
Exploits: 0, References: 1
NVD
added 2026/02/11 9:16 p.m., 9 views

CVE-2020-37192

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system...

CVSS 6.7, EPSS 0.00207
Exploits: 0, References: 3
CNNVD
added 2026/02/10 12:00 a.m., 5 views

ZOLL ePCR Security Vulnerability

ZOLL ePCR is electronic patient care reporting software developed by ZOLL, a United States company. ZOLL ePCR has a security vulnerability that stems from unsanitized user input being reflected into the WebView, potentially allowing arbitrary local file access...

CVSS 6.7, AI score 5.9, EPSS 0.00172
Exploits: 0, References: 3
Nuclei
added 2026/02/04 7:00 a.m., 9 views

WeGIA - Directory Traversal

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability existed in the html/socio/sistema/downloadremessa.php endpoint of the WeGIA application. This vulnerability could allow an attacker to...

CVSS 10, AI score 6, EPSS 0.01448
Exploits: 1, References: 2
NVD
added 2026/01/28 6:16 p.m., 8 views

CVE-2020-36944

ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to...

CVSS 6.9, EPSS 0.00186
Exploits: 1, References: 4
CVE
added 2026/01/28 5:35 p.m., 14 views

CVE-2020-36944

ILIAS Learning Management System 4.3 is affected by a server-side request forgery (SSRF) vulnerability that lets an attacker read local files via the portfolio PDF export feature. The published description states an attacker can inject a script that uses XMLHttpRequest to retrieve local file cont...

CVSS 6.9, AI score 5.9, EPSS 0.00186
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2026/01/28 6:15 a.m., 5 views

CVE-2025-14610

The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for...

CVSS 7.2, EPSS 0.00284
Exploits: 0, References: 4
SUSE CVE
added 2026/01/28 12:24 a.m., 3 views

SUSE CVE-2026-24400

AssertJ provides fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity (XXE) vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...

CVSS 6.1, AI score 5.9, EPSS 0.00542
Exploits: 0, References: 5
Tenable Nessus
added 2026/01/27 12:00 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-24400

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - AssertJ provides fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an XML External...

CVSS 9.1, AI score 7.3, EPSS 0.00542
Exploits: 0, References: 4
Cvelist
added 2026/01/26 10:19 p.m., 21 views

CVE-2026-24400 AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion

AssertJ provides fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity (XXE) vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...

CVSS 8.2, EPSS 0.00542
Exploits: 0, References: 4
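The AssertJ entries on this page, and the biopython, EBO TGML and MSN Password Recovery entries above them, are all the same CWE-611 shape: a parser that honours a DOCTYPE and resolves the external entity it declares. The defence that does not depend on remembering every parser's feature flags is to refuse any document that carries a DTD at all, which is what the following added example does. It is not AssertJ's or any of those projects' code; it uses Python's stdlib expat bindings, and both the XXE payload and the benign document are constructed for the illustration.

```python
import xml.parsers.expat


class ForbiddenDTD(ValueError):
    """Raised when an input document declares a DOCTYPE."""


def parse_text_without_dtd(xml_text: str) -> str:
    """Return the concatenated character data of `xml_text`.

    Any DOCTYPE, and therefore any entity declaration, internal or external,
    aborts parsing before a single entity can be expanded.
    """
    parser = xml.parsers.expat.ParserCreate()
    chunks = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Fires at the start of <!DOCTYPE ...>, before the subset is read.
        raise ForbiddenDTD(
            f"DOCTYPE {name!r} rejected (SYSTEM={sysid!r}, "
            f"internal subset={bool(has_internal_subset)})"
        )

    def on_external_entity(context, base, system_id, public_id):
        # Belt and braces: even if a DTD slipped through, never fetch anything.
        return 0

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.CharacterDataHandler = chunks.append
    parser.Parse(xml_text, True)
    return "".join(chunks)


# Constructed payload in the classic CWE-611 form: an external entity that
# points at a local file, referenced from the document body.
XXE_PAYLOAD = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE doc [<!ENTITY secret SYSTEM "file:///etc/passwd">]>'
    "<doc>&secret;</doc>"
)

# Constructed benign input of the kind an XML-equality assertion or a
# graphics-file loader actually needs to accept.
BENIGN_DOC = "<doc><name>alice</name><role>admin</role></doc>"


def is_rejected(xml_text: str) -> bool:
    """True if the hardened parser refuses the document because of a DTD."""
    try:
        parse_text_without_dtd(xml_text)
    except ForbiddenDTD:
        return True
    return False


if __name__ == "__main__":
    print("payload rejected:", is_rejected(XXE_PAYLOAD))
    print("benign text:", parse_text_without_dtd(BENIGN_DOC))
```

Refusing the DTD outright is stricter than only disabling external entities: it also removes the entity-expansion (billion laughs) class, and inputs to a test-assertion helper or a graphics-file loader rarely have a legitimate need for one.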