13 matches found

RedhatCVE
added 2026/03/26 3:11 p.m. | 5 views

CVE-2026-32024

OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...

CVSS 7.5 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 1

NVD
added 2026/03/19 10:16 p.m. | 5 views

CVE-2026-32024

OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...

CVSS 7.5 | EPSS 0.00327
Exploits: 0 | References: 4

CVE
added 2026/03/19 10:7 p.m. | 10 views

CVE-2026-32024

OpenClaw (npm) versions prior to 2026.2.22 are affected by a symlink traversal vulnerability in avatar handling that lets remote attackers read arbitrary files outside the configured workspace boundary by requesting avatar resources through gateway surfaces. The issue affects the openclaw package...

CVSS 7.5 | AI score 5.9 | EPSS 0.00327
Exploits: 0 | References: 4 | Affected Software: 1

ATTACKERKB
added 2026/03/19 10:7 p.m. | 6 views

CVE-2026-32024

OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...

CVSS 6.8 | AI score 5.9 | EPSS 0.00327
Exploits: 0 | References: 5

Cvelist
added 2026/03/19 10:7 p.m. | 18 views

CVE-2026-32024 OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling

OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...

CVSS 6.8 | EPSS 0.00327
Exploits: 0 | References: 4

Vulnrichment
added 2026/03/19 10:7 p.m. | 4 views

CVE-2026-32024 OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling

OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...

CVSS 6.8 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 4

EUVD
added 2026/03/19 10:7 p.m. | 7 views

EUVD-2026-13296

OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...

CVSS 6.8 | AI score 5.9 | EPSS 0.00327
Exploits: 0 | References: 4

Snyk
added 2026/03/03 12:20 a.m. | 6 views

Symlink Attack

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Symlink Attack via the avatar handling. An attacker can access sensitive local files outside the intended workspace by submitting crafted symlink paths to the avatar interface. Remediatio...

CVSS 7.5 | AI score 6 | EPSS 0.00327
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/03 12:0 a.m. | 12 views

PT-2026-26405

Summary: OpenClaw avatar handling allowed a symlink traversal path that could expose local files outside an agent workspace through gateway avatar surfaces.
Affected Packages / Versions:
- Package: openclaw npm
- Affected versions: = 2026.2.22 so after npm release, the remaining action is to publis...

CVSS 6.8 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 8

Snyk
added 2025/09/03 5:42 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the extractImageInfo function for user avatars. An attacker can execute arbitrary scripts in the context of another user by uploading malicious files that are served without proper content type validation...

CVSS 6.3 | AI score 5.7 | EPSS 0.00236
Exploits: 1 | References: 2

NVD
added 2025/04/28 9:15 a.m. | 33 views

CVE-2025-4012

A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...

CVSS 7.5 | EPSS 0.00385
Exploits: 1 | References: 4

Cvelist
added 2019/10/04 11:36 a.m. | 18 views

CVE-2019-17132

vBulletin through 5.5.4 mishandles custom avatars...

AI score 9.6 | EPSS 0.1178
Exploits: 4 | References: 3

Tenable Nessus
added 2005/02/23 12:0 a.m. | 26 views

phpBB <= 2.0.11 Multiple Vulnerabilities

The remote host is running phpBB version 2.0.11 or older. Such versions suffer from multiple vulnerabilities:
- full path display on critical messages.
- full path disclosure in username handling caused by a PHP 4.3.10 bug.
- arbitrary file disclosure vulnerability in avatar handling functions.
-...

CVSS 6.4 | AI score 6 | EPSS 0.02043
Exploits: 0 | References: 2