35 matches found
OpenClaw Backlink Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability that can be exploited by an attacker to cause arbitrary file overwrites...
CVE-2026-23986
Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...
Cpanel 安全漏洞
Cpanel is a set of automated web-based colocation platforms from Cpanel, Inc. in the United States. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel versions 110 through 132, which stems from the existence of directory...
SiYuan 路径遍历漏洞
SiYuan is a privacy-first personal knowledge management system from SiYuan open source. A path traversal vulnerability exists in SiYuan 0.0.0-20251202123337-6ef83b42c7ce and prior versions, which stems from a ZipSlips vulnerability that could lead to arbitrary file overwrites...
Traefik 安全漏洞
Traefik is an open source reverse proxy and load balancing tool from Traefik Open Source. A security vulnerability exists in Traefik versions 2.11.27 and earlier, 3.0.0 through 3.4.4, and 3.5.0-rc1, which stems from a path traversal in the WASM plugin installation mechanism that could lead to...
CVE-2025-32799
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...
PT-2025-25400 · Ricoh · Ricoh Streamline Nx V3 Pc Client
Name of the Vulnerable Software and Affected Versions: RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0 Description: An issue exists where an attacker can control file names or paths, allowing arbitrary files in the file system to be overwritten with log data if a specially crafted...
JetBrains Rider 安全漏洞
JetBrains Rider is a cross-platform .NET integrated development environment IDE from the Czech company JetBrains. A security vulnerability exists in JetBrains Rider that stems from a custom archive unpacker allowing arbitrary file overwrites during a remote debugging session, which can be exploit...
H2O 安全漏洞
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0 that stems from a model export endpoint that does not restrict the export location, which could lead to arbitrary file overwrites...
H2O 安全漏洞
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0 that stems from the exportModelDetails function not validating user-controllable parameters, which could lead to arbitrary file overwrites...
Open Neural Network Exchange Path Traversal Vulnerability
Open Neural Network Exchange ONNX is an open ecosystem that enables AI developers to choose the right tools as their projects evolve. A path traversal vulnerability exists in Open Neural Network Exchange version 1.16.0, which stems from insufficient protection against path traversal attacks in...
RHEL 7 : rh-nodejs8-nodejs (RHSA-2019:1821)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1821 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Red Hat Ansible Automation Security Vulnerability
Red Hat Ansible Automation is a software application from Red Hat, Inc. It provides a means to automate all aspects of an infrastructure, from servers and network devices to operating systems, applications, and security. A security vulnerability exists in Red Hat Ansible Automation Hub, which ste...
Debian: Security Advisory (DLA-729-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2023-20149 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS version 9.4.0.x Description: The issue is related to incorrect default permissions, allowing a local malicious user to potentially overwrite arbitrary files, which could cause a denial of service. Recommendations: For De...
Lantronix PremierWave 2050 Path Traversal Vulnerability (CNVD-2022-01594)
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to a path traversal vulnerability caused by a lack of filtering and escaping of path parameters by the Web Manager file upload function. An...
[SECURITY] [DLA 2822-1] netkit-rsh security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2822-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz November 19, 2021 https://wiki.debian.org/LTS -...
SUSE: Security Advisory (SUSE-SU-2019:0496-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-13833
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 June 2020...
CVE-2020-13833
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 June 2020...