Lucene search
K

40 matches found

Vulnrichment
Vulnrichment
added 2026/06/11 6:15 p.m.7 views

CVE-2026-53702 Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

6.5CVSS5.7AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:5 a.m.4 views

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the media parsing process. An attacker can access arbitrary files on the system by supplying crafted file paths. Details A Directory Traversal attack also known as...

7.1CVSS6.5AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/03 3:5 a.m.7 views

OpenClaw: Media Parsing Path Traversal Leads to Arbitrary File Read

Summary OpenClaw = 2026.3.28 - First stable tag containing the fix: v2026.3.28 Fix Commits - 4797bbc5b96e2cca5532e43b58915c051746fe37 — 2026-03-25T13:35:16-06:00 Release Process Note - The fix is already present in released version 2026.3.28...

5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/03 3:5 a.m.2 views

GHSA-F6PF-4GJX-C94R OpenClaw: Media Parsing Path Traversal Leads to Arbitrary File Read

Summary OpenClaw = 2026.3.28 - First stable tag containing the fix: v2026.3.28 Fix Commits - 4797bbc5b96e2cca5532e43b58915c051746fe37 — 2026-03-25T13:35:16-06:00 Release Process Note - The fix is already present in released version 2026.3.28...

7.1CVSS5.9AI score0.00688EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.5 views

CVE-2026-32846

OpenClaw through 2026.3.23 fixed in commit 4797bbc contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the...

8.7CVSS6AI score0.00688EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 6:31 p.m.3 views

GHSA-HGGM-X7R9-MM7V OpenClaw is vulnerable to Path Traversal through path validation bypass

OpenClaw through 2026.3.23 fixed in commit 4797bbc contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the...

8.7CVSS6AI score0.00688EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/03/26 6:31 p.m.7 views

OpenClaw is vulnerable to Path Traversal through path validation bypass

OpenClaw through 2026.3.23 fixed in commit 4797bbc contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the...

8.7CVSS6AI score0.00688EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/03/26 6:31 p.m.3 views

EUVD-2026-16248

OpenClaw through 2026.3.23 fixed in commit 4797bbc contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the...

8.7CVSS5.8AI score0.00688EPSS
Exploits1References5
NVD
NVD
added 2026/03/26 5:16 p.m.6 views

CVE-2026-32846

OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to...

8.7CVSS0.00688EPSS
Exploits1References4
CVE
CVE
added 2026/03/26 4:36 p.m.29 views

CVE-2026-32846

OpenClaw prior to 2026.3.23 contains a path traversal vulnerability in media parsing that can read arbitrary files by bypassing path validation in isLikelyLocalPath() and isValidMedia(), with the allowBareFilename bypass enabling access to files outside the application sandbox. Impact includes di...

8.7CVSS5.9AI score0.00688EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 4:36 p.m.1 views

CVE-2026-32846 OpenClaw < 2026.3.28 Media Parsing Path Traversal to Arbitrary File Read

OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to...

8.7CVSS5.9AI score0.00688EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:36 p.m.4 views

CVE-2026-32846

OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to...

8.7CVSS5.9AI score0.00688EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28443

Name of the Vulnerable Software and Affected Versions OpenClaw versions through 2026.3.23 Description The software contains a path traversal issue in media parsing. This allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. The...

8.7CVSS5.9AI score0.00688EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2024-53104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat This can lead ...

7.8CVSS6.6AI score0.03301EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/02/26 12:0 a.m.8 views

SUSE SLES15 Security Update : kernel (Live Patch 44 for SLE 15 SP3) (SUSE-SU-2025:0708-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0708-1 advisory. This update for the Linux Kernel 5.3.18-15030059161 fixes several issues. The following security issues were fixed: - CVE-2024-35789: wifi:...

7.8CVSS7.5AI score0.03301EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.8 views

SUSE SLES12 Security Update : kernel (Live Patch 53 for SLE 12 SP5) (SUSE-SU-2025:0667-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0667-1 advisory. This update for the Linux Kernel 4.12.14-122194 fixes several issues. The following security issues were fixed: - CVE-2024-35789: wifi: mac8021...

7.8CVSS7.5AI score0.03301EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.8 views

SUSE SLES15: kernel-livepatch-5_14_21-150400_24_125-default / etc (SUSE-SU-2025:0687-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0687-1 advisory. This update for the Linux Kernel 5.14.21-15040024125 fixes several issues. The following security issues were fixed: - CVE-2024-40956: dmaengin...

7.8CVSS7.2AI score0.03301EPSS
Exploits1References10
OSV
OSV
added 2025/02/24 4:35 p.m.13 views

SUSE-SU-2025:0698-1 Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024116 fixes several issues. The following security issues were fixed: - CVE-2024-35789: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes bsc1227320. - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irqprocessworklis...

7.8CVSS8.1AI score0.03301EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/02/19 12:0 a.m.33 views

RHEL 8 : kpatch-patch-4_18_0-553, kpatch-patch-4_18_0-553_16_1, and kpatch-patch-4_18_0-553_30_1 (RHSA-2025:1657)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1657 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module i...

7.8CVSS7.8AI score0.03301EPSS
Exploits1References4
OSV
OSV
added 2025/02/14 8:38 a.m.5 views

CLSA-2025-1739522296 Fix of 7 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-53104 - media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat CVE-url: https://ubuntu.com/security/CVE-2024-41020 - filelock: Fix fcntl/close race recovery compat path CVE-url: https://ubuntu.com/security/CVE-2024-43892 - memcg...

7.8CVSS7AI score0.03301EPSS
Exploits1References1
Rows per page
Query Builder