Lucene search
K

539 matches found

CVE
CVE
added 2026/03/05 8:38 p.m.15 views

CVE-2026-28442

ZimaOS 1.5.2-beta3 (a CasaOS fork) exposes an improper input validation and broken access control in filesystem operations. By altering the path parameter in the delete API, restricted system files/directories can be removed, bypassing UI protections. Backend lacks validation to ensure the path i...

8.5CVSS5.9AI score0.00304EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/05 8:38 p.m.3 views

CVE-2026-28442 ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...

8.5CVSS5.8AI score0.00304EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.3 views

CVE-2026-22416 WordPress FixTeam theme <= 1.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes FixTeam fixteam allows PHP Local File Inclusion.This issue affects FixTeam: from n/a through = 1.5.0...

8.1CVSS5.9AI score0.00504EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.10 views

PT-2026-23517

Name of the Vulnerable Software and Affected Versions ZimaOS version 1.5.2-beta3 Description ZimaOS, a fork of CasaOS, exhibits a security issue where restrictions on deleting internal system files and folders can be bypassed through manipulation of the API. Specifically, altering the path...

8.5CVSS5.8AI score0.00304EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.53 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.14 had code vulnerabilities related to command hijacking. Attackers could execute unintended binary files by manipulating the PATH environment variable, potentially leading to arbitrary command...

8.8CVSS6.1AI score0.00465EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/03 10:8 p.m.2 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the tools.exec.safeBins process. An attacker can execute unauthorized binaries by manipulating the process PATH environment to introduce trojan executables wit...

7.8CVSS5.9AI score0.00128EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/02 10:3 p.m.3 views

Untrusted Search Path

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path via the system.run execution. An attacker can execute an unintended or malicious executable by altering the PATH resolution after approval, causing a different binar...

8.7CVSS5.8AI score0.00091EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/25 10:58 a.m.5 views

CVE-2025-11563

A flaw was found in wcurl. This vulnerability allows a remote attacker to manipulate the location where output files are saved. By crafting a malicious URL with percent-encoded slashes, the attacker can trick the wcurl command-line tool into writing files outside of the intended directory. This...

6.5CVSS5.6AI score0.00302EPSS
Exploits0References6
NVD
NVD
added 2026/02/23 11:16 a.m.10 views

CVE-2026-2985

A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible...

6.5CVSS0.00297EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/23 10:32 a.m.5 views

CVE-2026-2985

A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible...

6.5CVSS5.2AI score0.00297EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/02/23 7:16 a.m.10 views

CVE-2026-2976

A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...

6.5CVSS0.0031EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/23 6:32 a.m.32 views

CVE-2026-2976 FastApiAdmin Download Endpoint controller.py download_controller information disclosure

A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...

5.3CVSS0.0031EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/23 6:32 a.m.4 views

CVE-2026-2976

A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...

5.3CVSS4.8AI score0.0031EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/23 6:32 a.m.5 views

CVE-2026-2976 FastApiAdmin Download Endpoint controller.py download_controller information disclosure

A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...

5.3CVSS5AI score0.0031EPSS
Exploits1References4
CVE
CVE
added 2026/02/23 6:32 a.m.23 views

CVE-2026-2976

CVE-2026-2976 affects FastApiAdmin up to 2.2.0. The vulnerability resides in the Download Endpoint, specifically the download_controller in /backend/app/api/v1/module_common/file/controller.py, where manipulation of the file_path argument leads to information disclosure. The issue can be triggere...

6.5CVSS5AI score0.0031EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.12 views

PT-2026-21514

A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible...

6.5CVSS5.2AI score0.00297EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.10 views

PT-2026-21501

A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download controller of the file /backend/app/api/v1/module common/file/controller.py of the component Download Endpoint. This manipulation of the argument file path causes information disclosure. It...

5.3CVSS4.9AI score0.0031EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.7 views

CVE-2026-26098

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...

8.4CVSS5.4AI score0.00109EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 4:54 p.m.23 views

CVE-2026-26098

The CVE-2026-26098 entry concerns Owl opds version 2.2.0.4 and is caused by an Uncontrolled Search Path Element. The issue permits manipulation of configuration file search paths via a crafted network request, indicating local attack vector with high impact on confidentiality and integrity, and h...

8.4CVSS5.4AI score0.00109EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.7 views

PT-2026-21264

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...

8.4CVSS5.4AI score0.00109EPSS
Exploits0References2
Rows per page
Query Builder