
21 matches found

Vulnrichment
added 2026/04/21 9:9 p.m., 1 view

CVE-2026-6829 nesquena hermes-webui Arbitrary Workspace Directory Access

nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update,...

CVSS 6.3, AI score 5.9, EPSS 0.00039
Exploits: 0, References: 4
Positive Technologies
added 2026/03/29 12:0 a.m., 4 views

PT-2026-28497

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.11. Description: OpenClaw contains an authorization bypass issue in the gateway agent RPC. Authenticated operators possessing operator.write permission can override workspace boundaries by manipulating the...

CVSS 8.8, AI score 6.1, EPSS 0.00067
Exploits: 0, References: 7
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-14336

Malware in sbrugna...

CVSS 7.1, AI score 7, EPSS 0.00299
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-2008

Malicious code in bioql PyPI...

CVSS 4, AI score 4.8, EPSS 0.00123
Exploits: 1, References: 4
CVE
added 2025/03/20 10:10 a.m., 78 views

CVE-2024-8898

CVE-2024-8898 affects the Parisneo/Lollms-WebUI project, specifically the internal APIs at the install and uninstall endpoints for version V12 (Strawberry). The root cause is insufficient sanitization of user-supplied input, enabling path traversal that can create or delete directories via arbitr...

CVSS 9.8, AI score 6.9, EPSS 0.00204
Exploits: 1, References: 2, Affected Software: 1
Prion
added 2022/12/22 8:15 p.m., 24 views

Code injection

A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected. This...

CVSS 4.6, AI score 7.2, EPSS 0.00362
Exploits: 1, References: 4, Affected Software: 3
Github Security Blog
added 2022/05/24 5:16 p.m., 27 views

SaltStack Salt is vulnerable Arbitrary Directory Access

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

CVSS 6.5, AI score 7.8, EPSS 0.93683
Exploits: 17, References: 16, Affected Software: 1
OSV
added 2022/05/24 5:16 p.m., 28 views

GHSA-VP49-2G4R-M3X3 SaltStack Salt is vulnerable Arbitrary Directory Access

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

CVSS 7.1, AI score 8.1, EPSS 0.93683
Exploits: 17, References: 16
Veracode
added 2020/05/04 4:38 a.m., 38 views

Arbitrary Directory Access

salt allows arbitrary directory access. The salt-master process in ClearFuncs class allows access to some methods that improperly sanitize paths and the methods allow authenticated users to access arbitrary directories...

CVSS 6.5, AI score 5.2, EPSS 0.93683
Exploits: 17, References: 12, Affected Software: 1
OSV
added 2020/04/30 5:15 p.m., 33 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

CVSS 6.5, AI score 6.5, EPSS 0.93683
Exploits: 17, References: 13
NVD
added 2020/04/30 5:15 p.m., 19 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

CVSS 6.5, AI score 8, EPSS 0.93683
Exploits: 17, References: 13
Prion
added 2020/04/30 5:15 p.m., 30 views

Improper access control

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

CVSS 4, AI score 7.8, EPSS 0.93683
Exploits: 17, References: 12, Affected Software: 6
OSV
added 2020/04/30 5:15 p.m., 39 views

PYSEC-2020-103

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

CVSS 6.5, AI score 4.9, EPSS 0.93683
Exploits: 17, References: 13
AlpineLinux
added 2020/04/30 5:0 p.m., 60 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

CVSS 6.5, AI score 8.2, EPSS 0.93683
Exploits: 17
Cvelist
added 2020/04/30 5:0 p.m., 24 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

AI score 8, EPSS 0.93683
Exploits: 17, References: 12
Debian CVE
added 2020/04/30 5:0 p.m., 39 views

CVE-2020-11652

Removed by vendor...

CVSS 6.5, AI score 8.3, EPSS 0.93683
Exploits: 17
ATTACKERKB
added 2020/04/30 12:0 a.m., 50 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. Recent assessments: Assessed Attacker...

CVSS 9.8, AI score 8, EPSS 0.94234
In wild, Exploits: 24, References: 14
OSV
added 2017/10/30 7:23 p.m., 6 views

MGASA-2017-0394 Updated rpm package fixes security vulnerabilities

It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory ...

CVSS 7.8, AI score 8, EPSS 0.00054
Exploits: 0, References: 5
NVD
added 2005/01/27 5:0 a.m., 12 views

CVE-2004-0881

getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir...

CVSS 2.1, AI score 6.1, EPSS 0.00126
Exploits: 0, References: 5
Tenable Nessus
added 2003/03/12 12:0 a.m., 32 views

Multiple Vendor NFS CD Command Arbitrary File/Directory Access

The remote NFS server allows users to use a 'cd ..' command to access other directories besides the NFS file system. An attacker may use this flaw to read every file on this host. C Tenable Network Security, Inc. This is the implementation of an oooold attack. include 'compat.inc' ; if descriptio...

CVSS 5, AI score 5.5, EPSS 0.0061
Exploits: 0, References: 1