Lucene search
K

143 matches found

CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained security vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on the local root directory of the tool’s result media path, allowing arbitra...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.4 views

CVE-2025-66249

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

6.3CVSS5.7AI score0.00597EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.5 views

EUVD-2025-208639

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

6.3CVSS5.7AI score0.00597EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/13 9:31 p.m.5 views

Apache Livy: Unauthorized directory access

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

6.3CVSS5.7AI score0.00597EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/03/13 7:53 p.m.3 views

CVE-2025-66249

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

6.3CVSS0.00597EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/13 3:21 p.m.4 views

CVE-2025-66249 Apache Livy: Unauthorized directory access

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

5.7AI score0.00597EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 3:21 p.m.13 views

CVE-2025-66249

CVE-2025-66249 is a Directory Traversal vulnerability in Apache Livy (affecting 0.3.0 to before 0.9.0). The issue arises when the non-default Livy server setting livy.file.local-dir-whitelist bypasses directory checks, potentially allowing access to restricted paths. Impact is limited to unauthor...

6.3CVSS5.7AI score0.00597EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.6 views

Apache Livy 路径遍历漏洞

Apache Livy is an application server developed by the Apache Foundation in the United States. It provides a way to programmatically submit Spark jobs from web and mobile applications, with fault tolerance and multi-tenant capabilities. Prior to Apache Livy 0.9.0, there was a path traversal...

6.3CVSS5.8AI score0.00597EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/06 9:6 a.m.13 views

CVE-2025-66518

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade t...

8.8CVSS6.7AI score0.00892EPSS
Exploits0References1
OSV
OSV
added 2026/01/05 9:30 a.m.2 views

GHSA-F8R6-6222-9PVC Apache Kyuubi Server vulnerable to Path Traversal

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade t...

8.8CVSS5.8AI score0.00892EPSS
Exploits0References4
NVD
NVD
added 2026/01/05 9:15 a.m.5 views

CVE-2025-66518

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade t...

8.8CVSS0.00892EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/05 8:46 a.m.5 views

EUVD-2026-0819

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade t...

8.8CVSS6.2AI score0.00892EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.6 views

PT-2026-1236

Name of the Vulnerable Software and Affected Versions Apache Kyuubi versions 1.6.0 through 1.10.2 Description A client with access to the Apache Kyuubi Server through Kyuubi frontend protocols can bypass the server-side configuration kyuubi.session.local.dir.allow.list and access local files not...

8.8CVSS6.3AI score0.00892EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/12/09 8:26 p.m.6 views

CVE-2025-14228

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be...

5.1CVSS5.6AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2025/12/08 11:15 a.m.5 views

CVE-2025-14228

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be...

5.1CVSS0.00198EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/08 10:32 a.m.32 views

CVE-2025-14228 Yealink SIP-T21P E2 Local Directory cross site scripting

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be...

5.1CVSS0.00198EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/08 10:32 a.m.6 views

EUVD-2025-201706

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be...

5.1CVSS5.1AI score0.00198EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/08 10:32 a.m.3 views

CVE-2025-14228 Yealink SIP-T21P E2 Local Directory cross site scripting

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be...

5.1CVSS5.2AI score0.00198EPSS
Exploits0References4
CVE
CVE
added 2025/12/08 10:32 a.m.16 views

CVE-2025-14228

CVE-2025-14228 affects Yealink SIP-T21P E2 (firmware 52.84.0.15). The issue is a cross-site scripting vulnerability in an unknown function of the Local Directory Page, allowing remote initiation of an attack. Public exploit code exists and has been reported through multiple feeds, with vendor con...

5.1CVSS5.2AI score0.00198EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.5 views

PT-2025-49545

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be...

5.1CVSS5.6AI score0.00198EPSS
Exploits0References5
Rows per page
Query Builder