61 matches found
GHSA-CFCJ-HQPF-HCCF @evomap/evolver: Path Traversal in `evolver fetch` default-branch `safeId` allows Hub-controlled overwrite of project files (RCE)
Summary The evolver fetch subcommand in index.js writes Hub-supplied bundledfiles into a directory derived from a Hub-supplied skillid. When --out is not used, the path-sanitizing regex permits . characters, allowing a skillid of .. to escape the skills/ subdirectory and resolve to the user's...
CVE-2026-7642
A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...
CVE-2026-7642 pskill9 website-downloader MCP index.ts download_website os command injection
A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...
CVE-2026-7642
The vulnerability affects pskill9 website-downloader (up to 0.1.0) in the MCP Interface, specifically the download_website function in src/index.ts. The root cause is manipulation of the outputPath argument that leads to OS command injection. Attack surface is network-initiated with low privilege...
CVE-2026-7642 pskill9 website-downloader MCP index.ts download_website os command injection
A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...
Website Downloader MCP Server 命令注入漏洞
The Website Downloader MCP Server is a website download tool developed by Manav Kundra. It supports recursive downloading while maintaining the local link structure. Versions of the Website Downloader MCP Server prior to 0.1.0 had a command injection vulnerability. This vulnerability stems from t...
CVE-2026-7599
A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...
CVE-2026-7599
The vulnerability affects Dayoooun hwpx-mcp 0.2.0, specifically the MCP Interface. It targets the mcp-server/src/index.ts functions save_document, export_to_text, and export_to_html, enabling path traversal via manipulation of the argument output_path. This allows remote exploitation, and the exp...
CVE-2026-7599
A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...
CVE-2026-7599 Dayoooun hwpx-mcp MCP index.ts export_to_html path traversal
A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...
EUVD-2026-26723
A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...
HWPX MCP Server 路径遍历漏洞
HWPX MCP Server is an enhanced version of the HWPX document editing MCP server by Kim dayoun individual developer. A path traversal vulnerability exists in HWPX MCP Server version 0.2.0, which stems from an improper operation of the savedocument/exporttotext/exporttohtml functions of the...
PT-2026-36551
Name of the Vulnerable Software and Affected Versions Dayoooun hwpx-mcp version 0.2.0 Description A path traversal issue exists in the MCP Interface component within the file mcp-server/src/index.ts. Manipulation of the output path argument in the functions save document, export to text, and expo...
SUSE CVE-2026-31668
In the Linux kernel, the following vulnerability has been resolved: seg6: separate dstcache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dstcache per encap route, shared between seg6inputcore and seg6outputcore. These two paths can perform the post-encap SID lookup ...
CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel
In the Linux kernel, the following vulnerability has been resolved: seg6: separate dstcache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dstcache per encap route, shared between seg6inputcore and seg6outputcore. These two paths can perform the post-encap SID lookup ...
CVE-2026-31668
In the Linux kernel, the following vulnerability has been resolved: seg6: separate dstcache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dstcache per encap route, shared between seg6inputcore and seg6outputcore. These two paths can perform the post-encap SID lookup ...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via improper validation of the outPath parameter in the screen recording. An attacker can write files outside the intended workspace boundary by specifying a path...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...
Duplicate Advisory: OpenClaw has browser trace/download path symlink escape in temp output handling
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36h3-7c54-j27r. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output...
CVE-2026-32054
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...