29 matches found
CVE-2026-45088
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through...
CVE-2026-9264
A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...
EUVD-2026-31386
A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...
PT-2026-42704
A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...
EUVD-2026-26127
OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...
CVE-2026-42424 OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Reply MEDIA Paths
OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...
CVE-2026-42424 OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Reply MEDIA Paths
OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...
CVE-2026-42424
OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...
CVE-2026-42424
OpenClaw before 2026.4.8 is affected by a local exfiltration vulnerability via shared reply MEDIA paths. The root cause is that shared reply MEDIA paths are treated as trusted, allowing crafted references to cause another channel to read local file paths as trusted media. Affected package: opencl...
PT-2026-35803
OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...
GHSA-QQQ7-4HXC-X63C OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration
Impact Shared reply MEDIA: paths are treated as trusted and can trigger cross-channel local file exfiltration. A crafted shared reply MEDIA reference could cause another channel to read a local file path as trusted generated media. OpenClaw is a user-controlled local assistant. This advisory is...
CVE-2026-32008
OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through the html2BlockDOM handler in kernel/api/lute.go and the asset-copying process in the desktop publish service. An attacker can exfiltrate sensitive local files readable by the desktop process by submitting HTM...
GHSA-JJGJ-CPP9-CVPV OpenClaw Vulnerable to Local File Exfiltration via MCP Tool Result MEDIA: Directive Injection
Summary A malicious or compromised MCP Model Context Protocol tool server can exfiltrate arbitrary local files from the host system by injecting MEDIA: directives into tool result text content. OpenClaw's tool result processing pipeline extracts file paths from MEDIA: tokens without source-level...
OpenClaw Vulnerable to Local File Exfiltration via MCP Tool Result MEDIA: Directive Injection
Summary A malicious or compromised MCP Model Context Protocol tool server can exfiltrate arbitrary local files from the host system by injecting MEDIA: directives into tool result text content. OpenClaw's tool result processing pipeline extracts file paths from MEDIA: tokens without source-level...
CVE-2021-28684
The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network via an XXE attack...
EUVD-2021-15341
Malware in sbrugna...
CVE-2023-42445 Possible local file exfiltration by XML External entity injection
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack OOB-XXE, just parsing XML can lead to exfiltration of local tex...
Gradle Code Issues Vulnerabilities
Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A code issue vulnerability exists in Gradle prior to 7.6.3 and prior to 8.4. The vulnerability stems from the fact that under certain circumstances, when Gradle parses an XML fil...
SUSE CVE-2021-40690
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...