CVE-2026-53777 Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifactname field of ArtifactReady WebSocket messages. Attackers controlli...

CVE-2026-41552

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF...

CVE-2026-7182

The CVE concerns Diagram’s export module vulnerability to Path Traversal via the src attribute due to insufficient HTML sanitization. An unauthenticated attacker could craft HTML payloads that access local server files and cause them to be displayed in the generated PDF. The issue is mitigated by...

4ga Boards 路径遍历漏洞

4ga Boards is a real-time project management dashboard system developed by RAR Personal Developers. Versions of 4ga Boards prior to 3.3.5 contained a path traversal vulnerability. This vulnerability stemmed from path traversal during the import of BOARDS archives, which could lead to unauthorized...

OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix)

Impact Feishu docx uploadfile/uploadimage Bypasses Workspace-Only Filesystem Policy GHSA-qf48-qfv4-jjm9 Incomplete Fix. Feishu document uploads could read local files outside the workspace-only file policy when processing docx upload blocks. OpenClaw is a user-controlled local assistant. This...

SUSE CVE-2026-32938

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET...

CVE-2026-32024 OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling

OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...

OESA-2025-2619 python-aiomysql security update

aiomysql is a "driver" for accessing a MySQL database from the asyncio PEP-3156/tulip framework. It depends on and reuses most parts of PyMySQL . aiomysql tries to be like awesome aiopg library and preserve same api, look and feel. Security Fixes: aiomysql is a library for accessing a MySQL...

EUVD-2018-2901

Malware in sbrugna...

CVE-2025-55169 WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/downloadremessa.php endpoint. This vulnerability could allow an attacker to...

WireMock XML External Entity Injection Vulnerability

WireMock is an open source HTTP-based API simulator . An XML external entity vulnerability exists in WireMock versions prior to 2.16.0. A remote attacker could exploit this vulnerability to access local files and internal resources and potentially cause a denial of service...