3303 matches found
CVE-2026-26272
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...
CVE-2026-26272 HomeBox affected by Stored XSS via HTML/SVG Attachment Upload
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...
CVE-2026-26272
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...
Improper Certificate Validation
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Certificate Validation via channels.imessage.remoteHost. An attacker can execute arbitrary commands or intercept sensitive data by exploiting trust-on-first-use SSH host key...
Directory Traversal
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via stageSandboxMedia when iMessage remote attachment fetching is enabled and the attacker can inject or tamper with attachment path metadata. An attacker can access...
OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia
Summary When iMessage remote attachment fetching is enabled channels.imessage.remoteHost, stageSandboxMedia accepted arbitrary absolute paths and used SCP to copy them into local staging. If a non-attachment path reaches this flow, files outside expected iMessage attachment directories on the...
GHSA-X9CF-3W63-RPQ9 OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia
Summary When iMessage remote attachment fetching is enabled channels.imessage.remoteHost, stageSandboxMedia accepted arbitrary absolute paths and used SCP to copy them into local staging. If a non-attachment path reaches this flow, files outside expected iMessage attachment directories on the...
OpenClaw's MSTeams attachment redirect handling could bypass configured media host allowlists
Summary In OpenClaw MSTeams media download flows, redirect handling could bypass configured mediaAllowHosts checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content. Affected Packages / Versions - Package:...
CVE-2025-58402
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...
PT-2026-26411
Summary When iMessage remote attachment fetching is enabled channels.imessage.remoteHost, stageSandboxMedia accepted arbitrary absolute paths and used SCP to copy them into local staging. If a non-attachment path reaches this flow, files outside expected iMessage attachment directories on the...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the media attachment handling. An attacker can access files outside the intended sandbox boundary by exploiting a race condition betwee...
CVE-2025-58402
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...
CVE-2025-58402
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...
CVE-2025-58402 Insecure Direct Object Reference Message ID
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...
CVE-2025-58402 Insecure Direct Object Reference Message ID
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...
PT-2026-22577
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...
CVE-2026-27616
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as...
CVE-2026-27616
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application...
CVE-2026-27616
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as...
CVE-2026-27616 Vikunja Vulnerable to Stored Cross-Site Scripting (XSS) via Unsanitized SVG Attachment Upload Leading to Token Exposure
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application...