24 matches found
CVE-2026-40610
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento...
CVE-2026-40610
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento...
CVE-2026-40610
CVE-2026-40610 affects BentoML prior to 1.4.39, where bentoml build traverses attacker-controlled symlinks in the build context and copies the target file contents into the generated Bento artifact. This leads to potential local-file disclosure (e.g., secrets, credentials, environment files) when...
CVE-2026-40610 BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento...
BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context
Summary BentoML's bentoml build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento artifact. If a victim builds an untrusted repository or other attacker-supplied build context, the attacker can place a...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from arbitrary file reading in the QQBot media tag, allowing attackers to reference local paths on hosts...
Inkscape 代码问题漏洞
Inkscape is an open-source graphic editor developed by Inkscape itself. Prior to Inkscape 1.3, there were code-related vulnerabilities. These vulnerabilities stemmed from issues with the XInclude processing component, which allowed local file leaks. This could enable remote attackers to access...
CVE-2026-24056 pnpm has symlink traversal in file:/git dependencies
pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...
CVE-2026-24056
pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...
CVE-2026-24056 pnpm has symlink traversal in file:/git dependencies
pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...
Linux Distros Unpatched Vulnerability : CVE-2018-6045
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a...
Linux Distros Unpatched Vulnerability : CVE-2018-6035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a...
webpack-dev-middleware: lack of URL validation may lead to file leak
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling...
webpack-dev-middleware: lack of URL validation may lead to file leak
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling...
Spiceworks Security Breach
Spiceworks is an IT management software from the Spiceworks community. It focuses on simplifying the process of inventorying, monitoring networks, and generating reports for IT professionals in small and medium-sized businesses. A security vulnerability exists in Spiceworks Help Desk Server...
SUSE CVE-2009-3385
The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash objec...
PowerArchiver 代码问题漏洞
PowerArchiver is a software application. It provides a function to compress and encrypt data A code issue vulnerability exists in PowerArchiver versions prior to 20.10.02, which stems from the XM parser used by the program that allows the processing of external entities, which could lead to the...
UBUNTU-CVE-2019-17637
In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...
DEBIAN-CVE-2019-13707
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application...
UBUNTU-CVE-2019-13707
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application...