451 matches found
CVE-2026-32680
The issue concerns RATOC RAID Monitoring Manager for Windows. If users customize the installer’s target folder, that folder may retain insecure ACLs, allowing non-administrative users to alter its contents. This can enable a non-administrative user to execute arbitrary code with SYSTEM privileges...
CVE-2026-33071
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...
EUVD-2025-208639
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...
CVE-2025-66249
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...
CVE-2025-66249
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...
CVE-2025-66249 Apache Livy: Unauthorized directory access
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...
CVE-2026-1471
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...
PT-2026-24726
Name of the Vulnerable Software and Affected Versions Neo4j Enterprise edition versions prior to 2026.01.4 Description Excessive caching of authentication context in Neo4j Enterprise edition allows authenticated users to inherit the context of the first user who authenticated after a restart. Thi...
In OpenClaw, manually adding sort to tools.exec.safeBins could bypass allowlist approval via --compress-program
Summary This issue applies to a non-default configuration only. If sort is manually added to tools.exec.safeBins, OpenClaw could treat sort --compress-program= as valid safe-bin usage. In security=allowlist + ask=on-miss, this could satisfy allowlist checks and skip operator approval, while GNU...
OpenClaw's non-default autoAllowSkills setting could bypass on-miss exec prompt
Summary In openclaw versions up to and including 2026.2.22-2, a non-default exec-approval configuration could allow a skill-name collision to bypass an ask=on-miss prompt. When autoAllowSkills=true, a path-scoped executable such as ./skill-bin could resolve to basename skill-bin, satisfy the skil...
GHSA-7FF8-XJH3-MGH6 OpenClaw's non-default autoAllowSkills setting could bypass on-miss exec prompt
Summary In openclaw versions up to and including 2026.2.22-2, a non-default exec-approval configuration could allow a skill-name collision to bypass an ask=on-miss prompt. When autoAllowSkills=true, a path-scoped executable such as ./skill-bin could resolve to basename skill-bin, satisfy the skil...
GHSA-VMQR-RC7X-3446 OpenClaw's non-default safeBins sort configuration can bypass intended allowlist approval constraints
When sort is explicitly added to tools.exec.safeBins non-default, the --compress-program option can invoke an external helper and bypass the intended safe-bin approval constraints in allowlist mode. Affected Packages / Versions - Package: openclaw npm - Vulnerable versions: =2026.2.22. Once that...
PT-2026-26392
Summary This issue applies to a non-default configuration only. If sort is manually added to tools.exec.safeBins, OpenClaw could treat sort --compress-program= as valid safe-bin usage. In security=allowlist + ask=on-miss, this could satisfy allowlist checks and skip operator approval, while GNU...
ImageMagick: ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems
A vulnerability for an integer overflow has been identified in the ImageMagick image processing software suite on 32-bit systems with non-default resource limits. An attacker can exploit this flaw by providing a specially crafted malicious image file BMP format for processing. Successful...
CVE-2026-25815
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...
EUVD-2026-5525
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...
CVE-2026-25815
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...
openSUSE 15 Security Update : python-python-multipart (SUSE-SU-2026:0307-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:0307-1 advisory. - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301. Tenable has extracted the preceding description block direct...
OPENSUSE-SU-2026:20125-1 Security update for python-python-multipart
This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301...
SUSE-SU-2026:20188-1 Security update for python-python-multipart
This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301...