256 matches found
EUVD-2026-26117
OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...
PT-2026-35793
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.8. Description: A filesystem policy bypass exists in the processing of docx uploads, enabling local file reads outside of workspace boundaries. This allows attackers to access files beyond the intended...
Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft
CVE-2026-21509-PoC Educational PoC for CVE-2026-21509...
CVE-2025-65482
An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
GHSA-7JC7-G598-2P64 XDocReport affected by an XML External Entity (XXE) vulnerability
An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
XDocReport security vulnerabilities
XDocReport is an open-source XML document reporting software developed by opensagres. Versions 0.9.2 to 2.0.3 of XDocReport have security vulnerabilities. These vulnerabilities stem from XML external entity vulnerabilities, which may allow arbitrary code to be executed by uploading a specially...
CVE-2025-65815
A lack of security checks in the file import process of AB TECHNOLOGY Document Reader: PDF, DOC, PPT v65.0 allows attackers to execute a directory traversal...
Exploit for CVE-2022-30190
LetsDefend-SOC173-Follina-0-Day-Detected We are presented with...
Mammoth is vulnerable to Directory Traversal
Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...
EUVD-2020-17979
Malware in sbrugna...
EUVD-2006-0767
Malware in sbrugna...
EUVD-2006-2198
Malware in sbrugna...
EUVD-2018-15764
Malware in sbrugna...
EUVD-2011-3224
Malware in sbrugna...
From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks
Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT. The phishing attack incorporates a number of advanced evasion techniques to gain complete control over compromised systems, siphon...
Catdoc Numeric Error Vulnerability
Catdoc is a program that reads MS-Word files and prints them readably, by the individual developer Pete Warden in the United States. A security vulnerability exists in Catdoc version 0.95 that stems from an integer underflow in the OLE document DIFAT parser, which could lead to heap memory...
CVE-2020-25291
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x...
Exploit for CVE-2022-30190
ICT287CVE-2022-30190Exploit Project on CVE-2022-30190 exploi...
Syncfusion Essential Studio for ASP.NET MVC Security Vulnerability
Syncfusion Essential Studio for ASP.NET MVC is a set of server-side wrappers powered by Essential JavaScript from Syncfusion. A security vulnerability exists in Syncfusion Essential Studio for ASP.NET MVC prior to version 27.1.55, which stems from an XML exception being thrown when re-saving a DO...
Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop', 'Description' = %q This module exploits a denial of service flaw in the Microsoft...