PT-2026-24607

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

SUSE CVE-2026-26190

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

Hardened Repository error: "veeam-grp-backup group has no rights on the backup folder"

Challenge When editing the properties of a Hardened Repository that has been upgraded to Veeam Hardened Repository version 13 for Veeam Backup & Replication 13 using the Veeam Infrastructure Appliance ISO, and was originally created using the Veeam Hardened Repository ISO version 2.0 for Veeam...

CVE-2026-25062

Outline (the Outline service) prior to version 1.4.0 is vulnerable via JSON import where attachments[].key is passed to path.join(rootPath, node.key) and then read with fs.readFile without validation, enabling path traversal (e.g., ../ or absolute paths) to read arbitrary server files and import ...

CVE-2026-25157

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

CVE-2026-25157

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

CVE-2026-25157

OpenClaw/OpenClaw-related CVEs (CVE-2026-25157) describe OS command injection in sshNodeCommand and related SSH parsing logic, affecting macOS OpenClaw components prior to version 2026.1.29. The root causes are: (1) sshNodeCommand builds a shell script and escapes user input for a project path on...

CVE-2026-25157 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

Two related vulnerabilities existed in the macOS application's SSH remote connection handling CommandResolver.swift: Details The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescap...

CVE-2021-47880

Realtek Wireless LAN Utility 700.1631 is affected by an unquoted service path vulnerability in the Realtek11nSU service, enabling local users to execute code with elevated privileges during startup or reboot. Root cause: unquoted service path. Impact: local privilege escalation with high confiden...

PT-2026-3832

Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during...

📄 AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the AVideos notify.ffmpeg.json.php endpoint. The vulnerability stems from a critical cryptographic weakness in the salt generation mechanism combined with information disclosure vulnerabilities that allow an...

CVE-2019-25231 devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation

devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path t...

CVE-2019-25231

Summary of CVE-2019-25231 (Devolo dLAN Cockpit 4.3.1) : The unquoted service path vulnerability affects the DevoloNetworkService in devolo dLAN Cockpit 4.3.1, allowing local, non-privileged users to potentially execute arbitrary code by placing malicious code in the system root path. This could e...

CVE-2024-58315 Tosibox Key Service 3.3.0 Local Privilege Escalation via Unquoted Service Path

Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorize...

CVE-2021-47739

Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute...

CVE-2023-53965

CVE-2023-53965 concerns SOUND4 Server Service 4.1.102 with an unquoted service path. The unquoted binary path could be exploited by a local, non-privileged user to execute code with elevated (LocalSystem) privileges during service startup by placing a malicious binary in the system root. Document...

CVE-2025-11938

A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing a manipulation of the argument DBPASSWORD/ROOTPATH/URL results in deserialization. The attack may be initiated remotely. The attack's complexity is rated as...

CVE-2025-11938 ChurchCRM setup.php deserialization

A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing a manipulation of the argument DBPASSWORD/ROOTPATH/URL results in deserialization. The attack may be initiated remotely. The attack's complexity is rated as...

CVE-2025-11938 ChurchCRM setup.php deserialization

A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing a manipulation of the argument DBPASSWORD/ROOTPATH/URL results in deserialization. The attack may be initiated remotely. The attack's complexity is rated as...