Lucene search
K

538 matches found

Snyk
Snyk
added 2026/02/18 12:55 a.m.8 views

Reliance on Untrusted Inputs in a Security Decision

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision via unsafe handling of the PATH environment variable. An authenticated attacker with access to an execution surface can execute arbitra...

8.8CVSS6.3AI score0.00465EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/16 6:2 a.m.5 views

CVE-2026-2538

A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The...

7.3CVSS4.7AI score0.00157EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/02/15 1:16 p.m.9 views

CVE-2026-2516

A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is...

7.3CVSS0.00115EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.18 views

PT-2026-7260

Name of the Vulnerable Software and Affected Versions Artifex MuPDF versions up to 1.26.1 Description A flaw exists in Artifex MuPDF up to version 1.26.1 on Windows. The issue is related to uncontrolled search path manipulation caused by the get system dpi function within the platform/x11/win...

7.3CVSS5.2AI score0.00115EPSS
Exploits0References9
NVD
NVD
added 2026/02/03 10:16 p.m.11 views

CVE-2020-37086

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download...

6.9CVSS0.00499EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.4 views

CVE-2020-37086

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download...

6.9CVSS5.5AI score0.00499EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/01 12:56 p.m.35 views

CVE-2022-50950 Webile 1.0.1 Directory Traversal Vulnerability via Web Application

Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system...

7.1CVSS0.00875EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/01 12:0 a.m.10 views

PT-2026-5571

Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system...

7.1CVSS5.9AI score0.00875EPSS
Exploits0References4
OSV
OSV
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50932

Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg...

8.7CVSS5.8AI score0.03534EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:53 a.m.6 views

CVE-2021-27471

The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfull...

8.6CVSS6.7AI score0.02745EPSS
Exploits0References1
OSV
OSV
added 2026/01/09 12:15 a.m.5 views

CVE-2026-0732

A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgradefilter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used...

9.8CVSS6.2AI score0.09953EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/01/08 11:32 p.m.6 views

CVE-2026-0732 D-Link DI-8200G upgrade_filter.asp command injection

A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgradefilter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used...

6.5CVSS6.5AI score0.09953EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/12/24 7:28 p.m.54 views

CVE-2019-25257 LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command,...

8.7CVSS0.0035EPSS
Exploits1References3
CVE
CVE
added 2025/12/24 7:28 p.m.22 views

CVE-2019-25257

CVE-2019-25257 affects LogicalDOC Enterprise 7.7.4. The vulnerability arises from insufficient validation of binary paths when modifying system settings, allowing authenticated users to manipulate configuration parameters (e.g., antivirus.command, ocr.Tesseract.path) to execute arbitrary OS comma...

8.7CVSS7.6AI score0.0035EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.20 views

PT-2025-53343

Name of the Vulnerable Software and Affected Versions LogicalDOC Enterprise version 7.7.4 Description The software contains multiple authenticated operating system command execution flaws. These flaws permit attackers to manipulate binary paths when altering system settings. Exploitation involves...

8.7CVSS7.3AI score0.0035EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/23 7:34 p.m.4 views

CVE-2021-47734 CMSimple 5.4 Authenticated Local File Inclusion Remote Code Execution

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...

8.6CVSS7.2AI score0.00712EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/22 2:10 p.m.11 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to library path manipulation

Summary GNU C is used by IBM DataPower Gateway as part of the Supervisor component. Vulnerability Details CVEID:CVE-2025-4802 DESCRIPTION: Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared...

7.8CVSS7.3AI score0.00557EPSS
Exploits1Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/12/22 1:46 p.m.6 views

CVE-2025-14018

Unquoted Search Path or Element vulnerability in NetBT Consulting Services Inc. E-Fatura allows Leveraging/Manipulating Configuration File Search Paths, Redirect Access to Libraries. This issue affects e-Fatura: before 1.2.15...

7.3CVSS5.8AI score0.00414EPSS
Exploits3References3
Veracode
Veracode
added 2025/12/11 7:31 p.m.7 views

Improper Symbolic Link Handling

Gogs is vulnerable to Improper Symbolic Link Handling. The vulnerability is due to the PutContents API not properly validating or restricting symbolic links, which allows an attacker to manipulate file paths and execute code locally on the system...

8.8CVSS7.5AI score0.7654EPSS
Exploits16References10Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/08 1:11 p.m.8 views

CVE-2025-14187

A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. Executing a manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The...

8.6CVSS7.4AI score0.00585EPSS
Exploits0References1
Rows per page
Query Builder