Lucene search
+L

246 matches found

Snyk
Snyk
added 2026/04/09 5:36 p.m.3 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the Gateway plugin HTTP. An attacker can gain unauthorized write access by sending requests that are only intended to have read privileges, resulting in...

7.1CVSS5.8AI score0.00239EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/06 11:9 p.m.10 views

PraisonAI recipe registry publish path traversal allows out-of-root file write

Summary PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP route. A malicious publisher can place ../ traversal sequences in the bund...

7.1CVSS6.1AI score0.00334EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/03 4:8 a.m.1 views

GHSA-JG56-WF8X-QRV5 goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload

Summary POST multipart upload directory not sanitized | httpserver/updown.go:71-174 This finding affect the default configuration, no flags or authentication required. Details File: httpserver/updown.go:71-174 Trigger: POST //upload server.go:49-51 checks HasSuffixr.URL.Path, "/upload" The filena...

9.8CVSS6.2AI score0.00683EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/12 2:21 p.m.3 views

Symlink Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack through improper handling of symlink alias resolution during workspace boundary checks. An attacker can gain unauthorized write access to files outside the intended workspa...

7.3CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.7 views

CVE-2026-28286

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. However, when interacting directly with the API, th...

9.9CVSS6AI score0.0041EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/03/02 4:28 p.m.6 views

CVE-2026-28286

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. However, when interacting directly with the API, th...

9.9CVSS6AI score0.0041EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/01/21 10:24 p.m.9 views

CVE-2026-21931

Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App. Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

5.4CVSS5.4AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.10 views

CVE-2020-7495

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause unauthorized write access outside of expected pa...

5.5CVSS6.7AI score0.00883EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:59 a.m.10 views

CVE-2020-7496

A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XDwhich could cause unauthorized write access when opening the project file...

7.8CVSS7.2AI score0.00862EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.5 views

Adobe ColdFusion Credential Protection Insufficiency Vulnerability

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an insufficiently protected credentials...

5.3CVSS5.9AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.6 views

CVE-2025-64786

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited...

4CVSS6.5AI score0.00379EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.6 views

CVE-2025-64787

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass...

4CVSS6.4AI score0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 12:3 a.m.4 views

CVE-2025-64898

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or...

5.3CVSS6.7AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 12:3 a.m.4 views

CVE-2025-64897

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potentially resulting in denial of service...

5.6CVSS6.5AI score0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/10 12:30 a.m.7 views

EUVD-2025-202343

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or...

4.3CVSS6.3AI score0.00388EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/10 12:30 a.m.7 views

EUVD-2025-202347

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potentially resulting in denial of service...

5.6CVSS6.1AI score0.00111EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/10 12:30 a.m.6 views

EUVD-2025-202345

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation o...

9.1CVSS6.1AI score0.00586EPSS
Exploits0References2
NVD
NVD
added 2025/12/10 12:16 a.m.8 views

CVE-2025-64898

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or...

5.3CVSS0.00388EPSS
Exploits0References1
OSV
OSV
added 2025/12/10 12:16 a.m.8 views

CVE-2025-64898

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or...

5.3CVSS5.8AI score0.00388EPSS
Exploits0References1
OSV
OSV
added 2025/12/10 12:16 a.m.5 views

CVE-2025-64897

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potentially resulting in denial of service...

5.6CVSS5.8AI score0.00111EPSS
Exploits0References1
Rows per page
Query Builder