Lucene search
K

33 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/26 7:40 p.m.15 views

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/26 7:40 p.m.17 views

EUVD-2026-31971

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/05/26 7:40 p.m.18 views

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

7.5CVSS5.8AI score0.00412EPSS
Exploits1
OSV
OSV
added 2026/05/07 9:41 p.m.6 views

GHSA-XHRW-5QXX-JPWR Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install

Summary Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but the implementation does not enforce that those paths remain inside the plugin directory. A...

7.1CVSS5.9AI score0.00351EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/20 6:31 p.m.9 views

Duplicate Advisory: OpenClaw: Webchat media embedding enforces local-root containment for tool-result files

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mr34-9552-qr95. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowi...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/04/08 3:3 p.m.1 views

GHSA-56P5-8MHR-2FPH LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates

Summary LiquidJS enforces partial and layout root restrictions using the resolved pathname string, but it does not resolve the canonical filesystem path before opening the file. A symlink placed inside an allowed partials or layouts directory can therefore point to a file outside that directory a...

8.2CVSS5.8AI score0.00396EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31349

Summary LiquidJS enforces partial and layout root restrictions using the resolved pathname string, but it does not resolve the canonical filesystem path before opening the file. A symlink placed inside an allowed partials or layouts directory can therefore point to a file outside that directory a...

8.2CVSS6AI score0.00396EPSS
Exploits1References5
NVD
NVD
added 2026/04/01 5:28 p.m.6 views

CVE-2026-34604

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the allowed conten...

8.8CVSS0.00372EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/19 5:46 p.m.11 views

Langflow has an Arbitrary File Write (RCE) via v2 API

Summary While reviewing the recent patch for CVE-2025-68478 External Control of File Name in v1.7.1, I discovered that the root architectural issue within LocalStorageService remains unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on...

9.9CVSS6AI score0.01417EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.4 views

PT-2026-26336

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.7.1 Description Langflow is susceptible to an arbitrary file write issue through the POST /api/v2/files API endpoint. The vulnerability stems from a lack of boundary containment checks in the storage layer, which...

9.9CVSS6.1AI score0.01417EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.6 views

PT-2026-26394

Impact The gateway agents.files.get and agents.files.set methods allowed symlink traversal for allowlisted workspace files. A symlinked allowlisted file for example AGENTS.md could resolve outside the agent workspace and be read/written by the gateway process. This could enable arbitrary host fil...

8.8CVSS6.4AI score0.00639EPSS
Exploits0References11
OSV
OSV
added 2026/02/18 5:44 p.m.5 views

GHSA-RWJ8-P9VQ-25GV OpenClaw has a LFI in BlueBubbles media path handling

Summary The BlueBubbles extension accepted attacker-controlled local filesystem paths via mediaPath and could read arbitrary local files from disk before sending them as media attachments. Details When sendBlueBubblesMedia received a non-HTTP media source, the previous implementation resolved it ...

7.5CVSS5.7AI score0.00292EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/09/22 7:15 p.m.5 views

CVE-2023-38346

An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...

8.8CVSS7.4AI score0.01239EPSS
Exploits1References4
Rows per page
Query Builder