Lucene search
K

1010 matches found

Snyk
Snyk
added 2026/05/05 1:35 p.m.9 views

UNIX Symbolic Link (Symlink) Following

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the repository path handling process. An attacker can access files outside the intended repository directory by submitting crafted symlink paths...

6.5CVSS5.8AI score0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/05 11:25 a.m.8 views

CVE-2026-43570 OpenClaw 2026.3.22 < 2026.4.5 - Symlink Traversal in Remote Marketplace Repository Path Handling

OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended...

6.5CVSS5.8AI score0.00323EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/01 1:56 p.m.9 views

EUVD-2026-26519

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps, otherwise it might end up with missing...

5.7AI score0.001EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.12 views

Engineer Your Data 路径遍历漏洞

Engineer Your Data is a data engineering and BI workflow assistance tool developed by Mohammad Huzefa Shaikh. Versions of Engineer Your Data prior to 0.1.3 have a path traversal vulnerability. This vulnerability stems from incorrect handling of the WORKSPACEPATH parameter in the functions readfil...

7.5CVSS7.2AI score0.0041EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of error paths. This vulnerability may lead to an imbalance in reference counts...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 1:3 p.m.7 views

OESA-2026-1981 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

8.2CVSS6.1AI score0.00559EPSS
Exploits5References7
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

next-intl 安全漏洞

next-intl is a Next.js solution developed by Jan Amann. Versions of next-intl prior to 4.9.1 contained a security vulnerability, which was caused by improper handling of middleware pathing, potentially leading to redirection to untrusted hosts...

6.9CVSS5.8AI score0.00339EPSS
Exploits0References1
Veracode
Veracode
added 2026/04/16 7:14 a.m.7 views

Improper Access Control

@fastify/express is vulnerable to Improper Access Control. The vulnerability is due to incorrect path handling in the onRegister function, where middleware paths are duplicated when inherited by child plugins, causing them to not match incoming requests and resulting in bypass of security control...

9.1CVSS5.8AI score0.0043EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/04/15 10:16 a.m.7 views

CVE-2026-33807

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...

9.1CVSS0.0043EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 9:52 a.m.4 views

CVE-2026-33807

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...

9.1CVSS5.8AI score0.0043EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

@fastify/express 安全漏洞

@fastify/express is a compatibility plugin developed by Fastify. Versions of @fastify/express 4.0.4 and earlier contain security vulnerabilities. These vulnerabilities stem from errors in path handling within the onRegister function, which cause the middleware paths to be added repeatedly when...

9.1CVSS5.8AI score0.0043EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32973

Name of the Vulnerable Software and Affected Versions free5GC versions 1.4.2 and earlier Description An improper path validation issue exists in the UDR service. An unauthenticated attacker with access to the 5G Service Based Interface can delete arbitrary Traffic Influence Subscriptions by...

8.7CVSS6.1AI score0.0038EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

Apache PDFBox 安全漏洞

Apache PDFBox is an open-source tool library based on the Java language, developed by the Apache Foundation. This product provides functions for creating and editing PDF documents. Versions of Apache PDFBox from 2.0.24 to 2.0.36, as well as 3.0.0 to 3.0.7, have security vulnerabilities due to...

4.3CVSS5.8AI score0.00711EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.3 views

Amazon Linux 2023 : ecs-init (ALAS2023-2026-1552)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1552 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir o...

9.1CVSS7.4AI score0.01557EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2026/04/11 12:14 a.m.4 views

CVE-2026-5053

NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.1CVSS7.3AI score0.00149EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/08 8:2 p.m.2 views

GHSA-CHQC-8P9Q-PQ6Q basic-ftp has FTP Command Injection via CRLF

Summary basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...

8.6CVSS6.1AI score0.02185EPSS
Exploits1References5
NVD
NVD
added 2026/04/08 3:16 p.m.8 views

CVE-2026-39407

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for...

5.3CVSS0.00459EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/08 2:41 p.m.2 views

CVE-2026-39407

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for...

5.3CVSS5.9AI score0.00459EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/08 2:41 p.m.19 views

CVE-2026-39407 Hono has a middleware bypass via repeated slashes in serveStatic

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for...

5.3CVSS0.00459EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 2:34 p.m.4 views

CVE-2026-39406 @hono/node-server has a middleware bypass via repeated slashes in serveStatic

@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the...

5.3CVSS5.9AI score0.00376EPSS
Exploits0References1
Rows per page
Query Builder