57 matches found
CVE-2025-10237
During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions...
Exploit for SQL Injection in Ghost
version Unauthenticated Stored Cross-Site Scripting CVE-2026-...
CVE-2026-41009 Local Blobstore may allow arbitrary reads/deletes
When the director sends a long-running request e.g. compilepackage, the agent's reply JSON is consumed by AgentClient. injectcompilelog line 332-339 reads response'value''result''compilelogid' and formatexception line 318-325 reads exception'blobstoreid'; both pass the agent-supplied string...
CVE-2026-41009
CVE-2026-41009 affects BOSH Director: all versions prior to v282.1.12. The vulnerability arises when the director uses a local blobstore; Blobstore::LocalClient#object_file_path joins the blobstore path with the provided oid without normalisation, enabling path traversal (e.g., oid = "../../jobs/...
CVE-2026-41009 Local Blobstore may allow arbitrary reads/deletes
When the director sends a long-running request e.g. compilepackage, the agent's reply JSON is consumed by AgentClient. injectcompilelog line 332-339 reads response'value''result''compilelogid' and formatexception line 318-325 reads exception'blobstoreid'; both pass the agent-supplied string...
VulnCheck KEV: CVE-2026-26980
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...
CVE-2025-29937
An out of bounds read within the AMD Platform Management Framework PMF could allow an attacker to trigger a read of an arbitrary memory location potentially resulting in loss of availability or confidentiality...
OpenPLC 安全漏洞
OpenPLC is an open-source, programmable logic controller developed by Thiago Alves. It provides low-cost industrial solutions for automation and research purposes. OpenPLC has a security vulnerability, which stems from the binary program compiled from gluegenerator.cpp not verifying the file path...
GHSA-3GMF-P6R4-Q8M6 Apache Wicket has a Path Traversal issue
FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a buffer overflow vulnerability, which was caused by out-of-bound read and write operations to the GFX interface. This vulnerability could allow remote attackers to execute arbitrary...
Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read
Summary The add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF protection on this endpoint and SameSite=Lax session cookies, a...
CVE-2026-41366
CVE-2026-41366 affects OpenClaw prior to 2026.3.31. A local root/self-whitelisting flaw in appendLocalMediaParentRoots allows model-initiated arbitrary host file reads via improper media parent directory validation, enabling credential exfiltration and access to sensitive files. Affected users sh...
CVE-2026-32846 OpenClaw < 2026.3.28 Media Parsing Path Traversal to Arbitrary File Read
OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to...
GHSA-56PC-6HVP-4GV4 OpenClaw vulnerable to arbitrary file read via $include directive
Vulnerability Path traversal in config $include resolution allowed arbitrary local file reads outside the config directory boundary CWE-22. Attack Vectors 1. If an attacker can modify OpenClaw config, they can set $include to absolute paths for example /etc/passwd and read files accessible to the...
CVE-2026-27202
GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...
PT-2026-21327
GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...
CVE-2026-0532 External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector
External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...
Defeating KASLR by Doing Nothing at All
Posted by Seth Jenkins, Project Zero Introduction I've recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity is the mother of all invention, on a hunch, I started researchi...
Composio 安全漏洞
Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in Composio version 0.4.3 that stems from a filetools operation that does not validate file paths, which could lead to arbitrary file reads and writes...
kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests
A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAPNETADMIN capability to crash or potentially...