169 matches found
CVE-2026-30711
Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...
CVE-2026-28482
OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...
CVE-2026-28482
OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...
CVE-2026-28482 OpenClaw < 2026.2.12 - Path Traversal via Unsanitized sessionId and sessionFile Parameters
OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...
EUVD-2026-9928
OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...
CVE-2026-28482
CVE-2026-28482 – OpenClaw : OpenClaw versions prior to 2026.2.12 are vulnerable to path traversal in transcript file paths constructed from unsanitized sessionId parameters and sessionFile paths, allowing an authenticated attacker to read or write files outside the agent sessions directory (e.g.,...
CVE-2026-28459 OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path
OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...
CVE-2026-28459
OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...
EUVD-2026-9907
OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...
Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server
CVE-2025-47812 — Wing FTP Server Unauthenticated RCE ██╗...
Unsafe Deserialization
Scapy is vulnerable to unsafe deserialization. The vulnerability is due to insecure handling of serialized session files, which allows an attacker to execute arbitrary code by tricking a user into loading a malicious session file via the -s option...
GHSA-5XFQ-5MR7-426Q OpenClaw's unsanitized session ID enables path traversal in transcript file operations
Description OpenClaw versions = 2026.2.12 Fix Fixed by validating session IDs rejecting path separators / traversal sequences and enforcing sessions-directory containment for session transcript file operations. Fix Commits - 4199f9889f0c307b77096a229b9e085b8d856c26 Additional Hardening -...
OpenClaw's unsanitized session ID enables path traversal in transcript file operations
Description OpenClaw versions = 2026.2.12 Fix Fixed by validating session IDs rejecting path separators / traversal sequences and enforcing sessions-directory containment for session transcript file operations. Fix Commits - 4199f9889f0c307b77096a229b9e085b8d856c26 Additional Hardening -...
OpenClaw has an arbitrary transcript path file write via gateway sessionFile
Summary In OpenClaw versions prior to 2026.2.12, the gateway accepted an untrusted sessionFile path when resolving the session transcript file. This could allow an authenticated gateway client to create and append OpenClaw session transcript records at an arbitrary path on the gateway host...
PT-2026-1779
Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.8 Description A remote OS command injection issue exists in the SessionController function within the /isomp-protocol/protocol/session file of the software. Manipulation of...
Sangfor Operation and Maintenance Management System 操作系统命令注入漏洞
Sangfor Operation and Maintenance Management System is an operation and maintenance management system from Sangfor. An operating system command injection vulnerability exists in Sangfor Operation and Maintenance Management System 3.0.8 and earlier versions, which stems from incorrect manipulation...
GHSA-9583-H5HC-X8CW React Router has Path Traversal in File Session Storage
If applications use createFileSessionStorage from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the...
CVE-2021-47734
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...
CVE-2021-47734
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...
CVE-2021-47734
CVE-2021-47734 affects CMSimple 5.4 and is described as an authenticated local file inclusion vulnerability that can lead to remote code execution by manipulating PHP session files. The root cause cited in connected sources is improper handling of template/function include paths, enabling an atta...