CVE-2026-27670 OpenClaw < 2026.3.2 - Arbitrary File Write via ZIP Extraction Parent Symlink Race Condition

OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that allows local attackers to write files outside the intended destination directory. Attackers can exploit a time-of-check-time-of-use race between path validation and file write operations by rebinding...

Qdrant 安全漏洞

Qdrant is an open-source vector similarity search engine and vector database developed by Qdrant. Versions of Qdrant from 1.9.3 to 1.16.0 contained security vulnerabilities. These vulnerabilities stemmed from the /logger endpoint, which allowed arbitrary content to be appended to any file through...

CVE-2025-65882

An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function createxoripadopad allowing attackers to potentially write arbitrary files or execute arbitrary commands...