Lucene search
K

4 matches found

NVD
NVD
added 2026/06/19 6:17 a.m.9 views

CVE-2026-54414

FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...

9.8CVSS0.0072EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/03 3:13 a.m.2 views

Allocation of Resources Without Limits or Throttling

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the voice-call process. An attacker can cause excessive resource consumption by sending oversized WebSocket frames before...

7.5CVSS5.8AI score0.00532EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/29 12:44 p.m.20 views

CVE-2026-32980 OpenClaw < 2026.3.13 - Resource Exhaustion via Unauthenticated Telegram Webhook Request

OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory consumption, socket...

8.7CVSS0.00531EPSS
Exploits0References3
OSV
OSV
added 2026/01/01 7:16 a.m.5 views

CVE-2025-11157

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

7.8CVSS8.5AI score
Exploits0References2
Rows per page
Query Builder