Lucene search
+L

36 matches found

Github Security Blog
Github Security Blog
•added 2026/06/19 10:10 p.m.•20 views

Anki's local HTTP server does not sufficiently validate requests

Summary Anki launches a local HTTP server to serve media files and web pages for parts of its interface. While the server has a CORS setup, requests from other origins were not blocked, allowing malicious websites to potentially trigger side-effecting requests. Browser impact The severity varies ...

2.1CVSS6.1AI score0.00181EPSS
Exploits0References6Affected Software1
OSV
OSV
•added 2026/06/17 6:35 p.m.•8 views

GHSA-9G3X-6X24-VF9F pdfkit: Path traversal in from_string

In JazzCore python-pdfkit 1.0.0, the fromstring method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files...

8.4CVSS5.5AI score0.00392EPSS
Exploits0References4
NVD
NVD
•added 2026/06/17 5:16 p.m.•17 views

CVE-2025-26240

In JazzCore python-pdfkit 1.0.0, the fromstring method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files...

8.4CVSS0.00392EPSS
Exploits0References2
OSV
OSV
•added 2026/06/17 5:16 p.m.•6 views

DEBIAN-CVE-2025-26240

In JazzCore python-pdfkit 1.0.0, the fromstring method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files...

8.4CVSS6AI score0.00392EPSS
Exploits0References1
CVE
CVE
•added 2026/06/17 12:0 a.m.•19 views

CVE-2025-26240

The CVE-2025-26240 entry affects JazzCore’s python-pdfkit 1.0.0, where the from_string method allows JavaScript to execute within the server context and enables exfiltration of local files. This indicates a server-side execution vector with high impact on confidentiality, integrity, and availabil...

8.4CVSS5.6AI score0.00392EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
•added 2026/06/08 12:0 a.m.•10 views

Amazon Linux 2 : yelp, --advisory ALAS2-2026-3337 (ALAS-2026-3337)

The version of yelp installed on the remote host is prior to 3.28.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3337 advisory. A sandbox escape vulnerability was found in yelp, the GNOME help viewer. Bypassing the fix for CVE-2025-3155, a malicious help docume...

7.4CVSS5.5AI score0.12592EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2026/06/05 7:18 p.m.•10 views

CVE-2026-45088

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through...

7.5CVSS5.6AI score0.00251EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/05/22 1:4 a.m.•7 views

CVE-2026-9264

A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...

6.4AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/22 1:4 a.m.•14 views

EUVD-2026-31386

A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...

9.3CVSS6.4AI score0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/05/22 12:0 a.m.•20 views

PT-2026-42704

A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...

6.4AI score0.00231EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/04/28 6:10 p.m.•2 views

CVE-2026-42424

OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...

5.9CVSS5.2AI score0.00181EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/04/28 6:10 p.m.•30 views

CVE-2026-42424 OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Reply MEDIA Paths

OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...

5.9CVSS0.00181EPSS
Exploits0References3
EUVD
EUVD
•added 2026/04/28 6:10 p.m.•5 views

EUVD-2026-26127

OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...

5.9CVSS5.2AI score0.00181EPSS
Exploits0References3
CVE
CVE
•added 2026/04/28 6:10 p.m.•13 views

CVE-2026-42424

OpenClaw before 2026.4.8 is affected by a local exfiltration vulnerability via shared reply MEDIA paths. The root cause is that shared reply MEDIA paths are treated as trusted, allowing crafted references to cause another channel to read local file paths as trusted media. Affected package: opencl...

5.9CVSS5.2AI score0.00181EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
•added 2026/04/28 6:10 p.m.•4 views

CVE-2026-42424 OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Reply MEDIA Paths

OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...

5.9CVSS5.2AI score0.00181EPSS
Exploits0References3
OSV
OSV
•added 2026/04/28 6:10 p.m.•2 views

CVE-2026-42424 OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Reply MEDIA Paths

OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...

5.9CVSS5.9AI score0.00181EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/04/28 12:0 a.m.•5 views

PT-2026-35803

OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...

5.9CVSS5.2AI score0.00181EPSS
Exploits0References6
OSV
OSV
•added 2026/04/09 5:32 p.m.•3 views

GHSA-QQQ7-4HXC-X63C OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration

Impact Shared reply MEDIA: paths are treated as trusted and can trigger cross-channel local file exfiltration. A crafted shared reply MEDIA reference could cause another channel to read a local file path as trusted generated media. OpenClaw is a user-controlled local assistant. This advisory is...

5.1CVSS5.8AI score0.00181EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/03/26 3:3 p.m.•5 views

CVE-2026-32008

OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...

7.1CVSS5.8AI score0.00403EPSS
Exploits1References1
Snyk
Snyk
•added 2026/03/17 2:7 p.m.•5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the html2BlockDOM handler in kernel/api/lute.go and the asset-copying process in the desktop publish service. An attacker can exfiltrate sensitive local files readable by the desktop process by submitting HTM...

9.9CVSS6.4AI score0.00414EPSS
Exploits1References2
Rows per page
Query Builder