1163 matches found
CVE-2026-33159 Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...
CVE-2026-33159 Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...
Missing Authorization
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization via the ConfigSyncController process. An attacker can perform unauthorized configuration synchronization operations by sending crafted requests to endpoints such as...
MAL-2026-2112 Malicious code in apply-hive-table (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cd10a24231fb7b6830827a26ee11d450938fce94e811f0c233c6a63a8e3c98d9 In specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing...
CVE-2026-32007
OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...
CVE-2026-32007 OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass
OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...
CVE-2026-32007
OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...
CVE-2026-32007
OpenClaw up to version 2026.2.23 is affected by a path traversal vulnerability in the experimental apply_patch tool. The issue arises from inconsistent enforcement of workspace-only checks on mounted paths, allowing sandbox-embedded attackers to use apply_patch operations on writable mounts outsi...
OpenClaw 路径遍历漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.23 had a path traversal vulnerability. This vulnerability stemmed from a path traversal issue in the experimental applypatch tool, which could allow attackers with sandbox acces...
EUVD-2026-12835
OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply...
CVE-2026-4354
Summary of CVE-2026-4354 : TRENDnet TEW-824DRU devices (firmware versions 1.010B01/1.04B01) are affected. The vulnerability resides in the Web Interface component, specifically the function sub_420A78 in apply_sec.cgi, where manipulating the Language argument enables cross-site scripting (XSS). T...
PT-2026-25964
A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub 420A78 of the file apply sec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch the attack remotely...
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' in the actionApplyOverrideSettings function. An attacker can execute arbitrary code by injecting malicious...
Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2026-1314)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2026-32060
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in applypatch that allows attackers to write or delete files outside the configured workspace directory. When applypatch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...
CVE-2026-32060 OpenClaw < 2026.2.14 - Path Traversal in apply_patch via Crafted Paths
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in applypatch that allows attackers to write or delete files outside the configured workspace directory. When applypatch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...
CVE-2026-32060 OpenClaw < 2026.2.14 - Path Traversal in apply_patch via Crafted Paths
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in applypatch that allows attackers to write or delete files outside the configured workspace directory. When applypatch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...
EUVD-2026-11150
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in applypatch that allows attackers to write or delete files outside the configured workspace directory. When applypatch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...
CVE-2026-32060
OpenClaw is affected: versions before 2026.2.14 contain a path traversal flaw in apply_patch when filesystem sandboxing is disabled. An attacker can craft paths (including absolute paths) to escape the configured workspace and modify or delete arbitrary files. Impact includes high risk to confide...
Envoy's global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly
Summary At the rate limit filter, if we enabled the response phase limit with applyonstreamdone in the rate limit configuration and the response phase limit request fails directly, it may crash Envoy. Details When both the request phase limit and response phase limit are enabled, the safe gRPC...