Lucene search
K

668 matches found

NVD
NVD
added 2026/04/06 6:16 p.m.8 views

CVE-2026-35050

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, thi...

9.1CVSS0.00438EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/06 5:30 p.m.10 views

EUVD-2026-19408

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, thi...

9.1CVSS5.9AI score0.00438EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32711

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

7.8CVSS5.8AI score0.00279EPSS
Exploits1References1
CNVD
CNVD
added 2026/03/26 12:0 a.m.2 views

OpenClaw path traversal vulnerability (CNVD-2026-16057)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to weaken bound source isolation by symbolically linking the parent directory to bypass the allowed root directory and prevent path...

7.5CVSS5.9AI score0.00254EPSS
Exploits0
CNVD
CNVD
added 2026/03/24 12:0 a.m.3 views

OpenClaw backlink vulnerability (CNVD-2026-14859)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability, which is caused by a flaw in the static file handler following a symbolic link. An attacker can exploit the vulnerability to read arbitrary files outside the root directory...

5.5CVSS6AI score0.00131EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.16 views

PT-2026-27191

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the...

8.8CVSS5.8AI score0.00395EPSS
Exploits1References8
OSV
OSV
added 2026/03/20 2:24 p.m.14 views

OESA-2026-1667 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Inconsistent Interpretation of HTTP Requests 'HTTP...

9.4CVSS5.8AI score0.00644EPSS
Exploits0References4
OSV
OSV
added 2026/03/18 2:16 a.m.5 views

CVE-2026-22180

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...

5.3CVSS6AI score
Exploits0References3
EUVD
EUVD
added 2026/03/18 1:34 a.m.9 views

EUVD-2026-12726

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...

5.3CVSS5.9AI score0.0013EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/18 1:34 a.m.26 views

CVE-2026-22180 OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...

5.3CVSS0.0013EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.9 views

OpenClaw 路径遍历漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to weaken bound source isolation by symbolically linking the parent directory to bypass the allowed root directory and prevent path...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References3
CNVD
CNVD
added 2026/03/17 12:0 a.m.5 views

OpenClaw Directory Traversal Vulnerability (CNVD-2026-14394)

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a path traversal vulnerability that stems from the sandbox skill image failing to properly filter special elements in the path of a resource or file, which can be exploited by an attacker to cause a file t...

7.9CVSS5.8AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.11 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS0.00363EPSS
Exploits0References7
OSV
OSV
added 2026/03/13 7:54 p.m.5 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References5
OSV
OSV
added 2026/03/13 7:54 p.m.2 views

DEBIAN-CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS7.3AI score0.00363EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.3 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS5.8AI score0.00363EPSS
Exploits0References6
OSV
OSV
added 2026/03/13 7:54 p.m.5 views

UBUNTU-CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS5.8AI score0.00363EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/13 9:11 a.m.25 views

CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.3CVSS0.00363EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/13 9:11 a.m.3 views

CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:11 a.m.4 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder